CVE 9.8 CRITICAL

CVE-2025-67147_CVE-2025-67147

January 12, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.

AI Analysis

SQL Injection vulnerability allowing arbitrary SQL command execution, data modification, and privilege escalation

Basic Information

ID CVE-2025-67147

Source mitre

Published Jan 12, 2026 at 00:00

Modified Jan 12, 2026 at 21:21

Affected Product

Vendor amansuryawanshi

Product Gym-Management-System-PHP

Version 1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor amansuryawanshi

Product Gym-Management-System-PHP

Version 1.0

References

github.com /amansuryawanshi/Gym-Management-System-PHP/issues/3

{
    "lastseen": "",
    "description": "Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.",
    "published": "2026-01-12T00:00:00.000Z",
    "modified": "2026-01-12T21:21:52.528Z",
    "type": "cve",
    "title": "CVE-2025-67147",
    "source": "mitre",
    "references": "https://github.com/amansuryawanshi/Gym-Management-System-PHP/issues/3",
    "id": "CVE-2025-67147",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Gym-Management-System-PHP",
    "version": "1.0",
    "vendor": "amansuryawanshi",
    "ai_description": "SQL Injection vulnerability allowing arbitrary SQL command execution, data modification, and privilege escalation",
    "ai_severity": "Critical",
    "ai_vendor": "amansuryawanshi",
    "ai_product": "Gym-Management-System-PHP",
    "ai_version": "1.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply