Lucene search
Codeastro Internet Banking System

5 matches found

CVE
added 2025/04/09 12:0 a.m. | 70 views

CVE-2025-29018

CVE-2025-29018 affects Code Astro Internet Banking System 2.0.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the name parameter of pages_add_acc_type.php. Core details: vulnerable component is the PHP page handler and the issue arises from unsanitized/reflective input in the name ...

CVSS 4.8 | AI score 5.9 | EPSS 0.00219
CVE
added 2024/01/02 8:31 p.m. | 68 views

CVE-2024-0194

CodeAstro Internet Banking System up to version 1.0 is affected by CVE-2024-0194 in the Profile Picture Handler component (pages_account.php). The vulnerability enables unrestricted file upload and may be exploited remotely. Multiple connected sources confirm the issue and the presence of an expl...

CVSS 9.8 | AI score 9.4 | EPSS 0.00738
CVE
added 2025/04/10 12:0 a.m. | 63 views

CVE-2025-29017

Code Astro Internet Banking System 2.0.0 is reported vulnerable via the profile_pic parameter in pages_view_client.php due to improper file upload validation, allowing an attacker to upload a malicious PHP file and achieve Remote Code Execution (RCE). The linked exploit/documentation describes by...

CVSS 8.8 | AI score 7.2 | EPSS 0.00674
Web
CVE
added 2025/04/17 12:0 a.m. | 51 views

CVE-2025-29015

CVE-2025-29015 affects Code Astro Internet Banking System 2.0.0. The vulnerability is a Cross Site Scripting (XSS) flaw that can be triggered via the name parameter in /admin/pages_account.php, allowing script injection. The issue is documented with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:R/S:...

CVSS 6.1 | AI score 6.1 | EPSS 0.00251
Web
CVE
added 2025/01/22 12:0 a.m. | 50 views

CVE-2024-56924

CVE-2024-56924 affects Code Astro Internet Banking System 2.0.0. The vulnerability is a Cross Site Request Forgery (CSRF) that can allow remote attackers to have an authenticated admin execute arbitrary JavaScript on the admin page (pages_account), potentially changing account settings or exfiltr...

CVSS 7.3 | AI score 7.9 | EPSS 0.00438