1283 matches found
CVE-2025-3998
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2025-3998 CodeAstro Membership Management System renew.php sql injection
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2025-3998 CodeAstro Membership Management System renew.php sql injection
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2025-3998
CVE-2025-3998 affects CodeAstro Membership Management System 1.0. The vulnerability is an SQL injection in the renew.php?id=6 endpoint caused by improper handling of the ID parameter, exploitable remotely. Public disclosures exist across multiple feeds. There is no documented patched version in t...
CVE-2025-25776
Cross-Site Scripting XSS vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing...
CVE-2025-25776
Cross-Site Scripting XSS vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing...
CVE-2025-25776
Codeastro Bus Ticket Booking System v1.0 is affected by CVE-2025-25776: a Cross-Site Scripting (XSS) flaw in the User Registration and User Profile features caused by insufficient input validation on the Full Name and Address fields. Exploitation could allow arbitrary code execution in these fiel...
CodeAstro Bus Ticket Booking System 安全漏洞
CodeAstro Bus Ticket Booking System is a bus ticket booking system from CodeAstro. A security vulnerability exists in CodeAstro Bus Ticket Booking System v1.0, which stems from insufficient input validation of the Full Name and Address fields in the user registration and user profile functionalit...
PT-2025-18071 · Unknown · Codeastro Bus Ticket Booking System
Name of the Vulnerable Software and Affected Versions: Codeastro Bus Ticket Booking System version 1.0 Description: A Cross-Site Scripting XSS issue exists in the User Registration and User Profile features, allowing an attacker to execute arbitrary code in the Full Name and Address fields during...
CodeAstro Membership Management System 注入漏洞
CodeAstro Membership Management System is a membership management system from CodeAstro. An injection vulnerability exists in CodeAstro Membership Management System version 1.0, which is caused by SQL injection due to the operation of the parameter ID in the file renew.php?id=6...
PT-2025-18036 · Unknown · Codeastro Membership Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A critical vulnerability was found in the CodeAstro Membership Management System. This issue affects unknown code of the file "renew.php?id=6". The manipulation of the ID argumen...
CVE-2025-25775
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...
CVE-2025-25777
Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...
CVE-2025-25775
Codeastro Bus Ticket Booking System v1.0 is affected by a SQL injection in the /BusTicket-CI/tiket/cekorder endpoint via the kodetiket parameter. Root cause: unsafe handling of the parameter leading to SQL injection. Impact: per CVSS metrics, high for confidentiality, integrity, and availability ...
CVE-2025-25775
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...
CodeAstro Bus Ticket Booking System SQL注入漏洞
CodeAstro Bus Ticket Booking System is a bus ticket booking system from CodeAstro. A security vulnerability exists in Codeastro Bus Ticket Booking System version 1.0, which originates from a SQL injection in the kodetiket parameter...
CVE-2025-25775
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...
CVE-2025-25777
Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...
CVE-2025-25777
Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...
CVE-2025-25777
CVE-2025-25777 affects Codeastro Bus Ticket Booking System v1.0, where an insecure direct object reference (IDOR) allows unauthorized access to user profiles by altering the URL parameter user ID. Root cause: insufficient authentication/authorization checks on profile endpoints, enabling access t...