CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

CVE-2025-70149

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in printmembershipcard.php via the ID parameter...

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in deletemembers.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...

CodeAstro Membership Management System 安全漏洞

The CodeAstro Membership Management System is a member management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Membership Management System has a security vulnerability. This vulnerability stems from the lack of validation for the ID parameter in the printmembershipcard.php fil...

CVE-2025-70148

Missing authentication and authorization in printmembershipcard.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference...

CVE-2024-48709

CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting XSS via the membershipType parameter in edittype.php...

CVE-2024-46471

The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information...

CVE-2024-2333 CodeAstro Membership Management System add_members.php sql injection

A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /addmembers.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

PT-2024-19811 · Unknown · Codeastro Membership Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A critical issue has been found in the CodeAstro Membership Management System. The problem is related to an unknown function in the file /add members.php, where the manipulation ...

CVE-2024-2149 CodeAstro Membership Management System settings.php sql injection

A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

CodeAstro Membership Management System SQL Injection Vulnerability

CodeAstro Membership Management System is a membership management system from CodeAstro, Inc. A SQL injection vulnerability exists in CodeAstro Membership Management System v.1.0 that could allow a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php componen...

CVE-2024-1924

A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely...

CVE-2024-1819

A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely. T...

PT-2024-18334 · Unknown · Codeastro Membership Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A critical issue affects the Add Members Tab component, where the manipulation of the Member Photo argument leads to unrestricted upload. This can be initiated remotely. The issu...