What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes gymbase_classes allows SQL Injection.This issue affects GymBase Theme Classes: from n/a through <= 1.4.
Explanation of Vulnerability in Simple Terms
02Summary
GymBase Theme Classes versions 1.4 and earlier contain a SQL injection vulnerability accessible to authenticated users. An attacker with low-level account access can craft malicious input to execute arbitrary SQL queries, potentially reading sensitive data from the database or disrupting site availability. The vulnerability affects multiple components due to scope change.
What an attacker can do
03Attacker Capabilities
Read sensitive database records and disrupt site availability by injecting SQL commands.
Potential impact on your site
04Site Impact
Unauthorized access to database contents and potential service disruption if the site runs GymBase Theme Classes 1.4 or earlier.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site; no user interaction required.
Key dates
06Disclosure timeline
July 16, 2025
CVE published
May 13, 2026
Record updated