A set of critical SQL Injection vulnerabilities has been identified in the amansuryawanshi Gym-Management-System-PHP software. These flaws allow an attacker, with or without prior authentication, to execute malicious database commands, potentially leading to a complete compromise of the system's data, user accounts, and administrative functions. Due to the critical severity and the potential for unauthenticated exploitation, immediate remediation is required to prevent data breaches and unauthorized access.

The application fails to properly sanitize user-supplied input in multiple parameters across three different PHP files. An attacker can inject malicious SQL queries into these parameters, which are then executed by the back-end database. The specific vulnerable locations are:

• submit_contact.php: via the 'name', 'email', and 'comment' parameters.
• secure_login.php: via the 'username' and 'pass_key' parameters.
• change_s_pwd.php: via the 'login_id', 'pwfield', and 'login_key' parameters. Exploitation could allow an unauthenticated attacker to bypass login mechanisms (secure_login.php) or an authenticated attacker to escalate privileges and manipulate data (change_s_pwd.php).

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe impact on the business, leading to a significant data breach of member information, including personally identifiable information (PII). An attacker could read, modify, or delete any data within the application's database, disrupt operations, and escalate their privileges to a full system administrator. This level of compromise poses a direct risk of financial loss, reputational damage, and potential regulatory penalties related to data protection.

Immediate Action: Update the amansuryawanshi Gym-Management-System-PHP to the latest version provided by the vendor, which addresses these vulnerabilities. After patching, it is crucial to monitor for any signs of exploitation attempts that may have occurred and review web server and database access logs for suspicious activity.

Proactive Monitoring: Security teams should actively monitor web server logs for requests to submit_contact.php, secure_login.php, and change_s_pwd.php containing SQL syntax like UNION, SELECT, --, OR 1=1, or sleep/benchmark commands. Monitor database logs for unusual or unauthorized queries. An increase in failed login attempts or the creation of unauthorized administrative accounts should be investigated immediately.

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rulesets designed to block common SQL Injection attack patterns. Restrict access to the application from untrusted networks and ensure the database user account used by the application operates with the principle of least privilege, limiting its ability to modify schema or access other databases.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the fact that some vectors are exploitable by an unauthenticated attacker, this vulnerability represents a significant and immediate risk to the organization. We strongly recommend that all instances of amansuryawanshi Gym-Management-System-PHP 1.0 be identified and patched to the latest version with the highest priority. Although not currently on the CISA KEV list, the ease of exploitation requires that this vulnerability be treated as an active threat.