CVE-2024-2076

CVE-2024-2076 affects CodeAstro House Rental Management System 1.0, specifically unknown functionality in booking.php/owner.php/tenant.php. The issue is an authentication flaw that allows remote exploitation, with exploitation publicly disclosed. Connected sources consistently describe a missing ...

CVE-2024-25867

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the addtype.php component...

CVE-2024-25869

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component...

CVE-2024-25866

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component...

CVE-2024-25867

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the addtype.php component...

CVE-2024-25869

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component...

CVE-2024-25866

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component...

CVE-2024-25868

A Cross Site Scripting XSS vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the addtype.php component...

Sql injection

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component...

Unrestricted file upload

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component...

Sql injection

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the addtype.php component...

Cross site scripting

A Cross Site Scripting XSS vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the addtype.php component...

CVE-2024-25869

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component...

CVE-2024-25869

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component...

CVE-2024-25866

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component...

CVE-2024-25869

CVE-2024-25869 affects CodeAstro Membership Management System v1.0 (PHP). Affected component is settings.php where an unrestricted file upload allows a remote attacker to upload a crafted PHP file and execute arbitrary code. CVSSv3.1 base score 8.8 (High) with network access, low complexity, and ...

CodeAstro Membership Management System SQL Injection Vulnerability

CodeAstro Membership Management System is a membership management system from CodeAstro, Inc. A SQL injection vulnerability exists in CodeAstro Membership Management System v.1.0 that could allow a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php componen...

CVE-2024-25867

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the addtype.php component...

CVE-2024-25866

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component...

CodeAstro Membership Management System Security Vulnerability

CodeAstro Membership Management System is a membership management system from CodeAstro. A security vulnerability exists in CodeAstro Membership Management System v.1.0, which stems from an unrestricted file upload vulnerability that allows remote attackers to execute arbitrary code via a special...