CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

EUVD-2009-1275

Malware in sbrugna...

itsourcecode Gym Management System 注入漏洞

itsourcecode Gym Management System is an itsourcecode open source gym management system. An injection vulnerability exists in version 1.0 of itsourcecode Gym Management System, which is caused by a SQL injection due to incorrect manipulation of the memberid parameter in file/ajax.php...

Mars: IDOR to account takeover on POST to █████████ by changing member_id parameter

Website endpoint was vulnerable to account takeover by changing member ID parameter...

Sql injection

SQL injection vulnerability in index.php in Gravity Board X GBX 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the memberid parameter in a viewprofile action. NOTE: the boardid issue is already covered by CVE-2008-2996.2...

CVE-2006-7116

SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the memberid parameter $id variable to index.php...

FreeBSD : plone -- 'member_id' Parameter Portrait Manipulation Vulnerability (22c6b826-cee0-11da-8578-00123ffe8333)

Secunia reports : The vulnerability is caused due to missing security declarations in 'changeMemberPortrait' and 'deletePersonalPortrait'. This can be exploited to manipulate or delete another user's portrait via the 'memberid' parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...