CVE 9.4 CRITICAL

CVE-2025-67146_CVE-2025-67146

January 12, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.

AI Analysis

SQL Injection vulnerability allowing unauthorized data extraction, authentication bypass, or modification of database contents

Basic Information

ID CVE-2025-67146

Source mitre

Published Jan 12, 2026 at 00:00

Modified Jan 12, 2026 at 21:25

Affected Product

Vendor AbhishekMali21

Product GYM-MANAGEMENT-SYSTEM

Version 1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor AbhishekMali21

Product GYM-MANAGEMENT-SYSTEM

Version 1.0

References

github.com /AbhishekMali21/GYM-MANAGEMENT-SYSTEM/issues/4

{
    "lastseen": "",
    "description": "Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.",
    "published": "2026-01-12T00:00:00.000Z",
    "modified": "2026-01-12T21:25:47.231Z",
    "type": "cve",
    "title": "CVE-2025-67146",
    "source": "mitre",
    "references": "https://github.com/AbhishekMali21/GYM-MANAGEMENT-SYSTEM/issues/4",
    "id": "CVE-2025-67146",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GYM-MANAGEMENT-SYSTEM",
    "version": "1.0",
    "vendor": "AbhishekMali21",
    "ai_description": "SQL Injection vulnerability allowing unauthorized data extraction, authentication bypass, or modification of database contents",
    "ai_severity": "Critical",
    "ai_vendor": "AbhishekMali21",
    "ai_product": "GYM-MANAGEMENT-SYSTEM",
    "ai_version": "1.0",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply