19 matches found
CVE-2024-1818
CVE-2024-1818 affects CodeAstro Membership Management System 1.0, specifically the Logo Handler’s /uploads/ area. A vulnerability in an unknown function within that directory allows unrestricted file uploads, with remote exploitation and the exploit publicly disclosed. Impact is described as unre...
CVE-2024-1819
CodeAstro Membership Management System 1.0 is affected in the Add Members Tab. The issue arises from manipulating the Member Photo argument, enabling unrestricted uploads. The vulnerability can be triggered remotely and has publicly disclosed exploit information. Documentation in connected source...
CVE-2024-1924
CodeAstro Membership Management System 1.0 contains a SQL injection vulnerability in get_membership_amount.php via the membershipTypeId parameter. The flaw allows remote exploitation and has been publicly disclosed. Affected component is reported as an unspecified area within get_membership_amoun...
CVE-2024-25868
CVE-2024-25868 concerns CodeAstro Membership Management System (PHP v1.0). Affected component: add_type.php, specifically the membershipType parameter, exploited via stored XSS to trigger arbitrary code execution. Public references consistently describe a cross-site scripting vulnerability in thi...
CVE-2024-25869
CVE-2024-25869 affects CodeAstro Membership Management System v1.0 (PHP). Affected component is settings.php where an unrestricted file upload allows a remote attacker to upload a crafted PHP file and execute arbitrary code. CVSSv3.1 base score 8.8 (High) with network access, low complexity, and ...
CVE-2024-25867
CodeAstro Membership Management System (PHP v1.0) has a SQL Injection in add_type.php that allows remote SQL execution via membershipType and membershipAmount parameters. Affected component/file: add_type.php in Version 1.0. Underlying cause: improper input handling enabling arbitrary queries. Im...
CVE-2024-25866
CVE-2024-25866 concerns CodeAstro Membership Management System (PHP v1.0). Multiple sources describe a SQL Injection vulnerability enabling a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component. The issue is categorized with high severity (CVSS 3.1...
CVE-2024-2333
CodeAstro Membership Management System 1.0 is affected by CVE-2024-2333 due to an SQL injection in the /add_members.php file where manipulation of the fullname parameter enables remote exploitation. Multiple sources (NVD, Red Hat, CVE lists, and third-party advisories) confirm the issue and publi...
CVE-2024-2149
CVE-2024-2149 affects CodeAstro Membership Management System 1.0, specifically the code path in settings.php where the currency parameter can be manipulated to trigger SQL injection. The vulnerability is remote (attack vector: network) with high impact on confidentiality, integrity, and availabili...
CVE-2024-45528
CVE-2024-45528 affects CodeAstro MembershipM-PHP (Membership Management System in PHP) version 1.0. The vulnerability is a stored cross-site scripting (XSS) flaw triggered by the fullname field in add_members.php, enabling an attacker to inject script that could be reflected during user interacti...
CVE-2024-46236
The CVE-2024-46236 entry concerns CodeAstro Membership Management System v1.0, which is vulnerable to Cross-Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. Root cause is likely improper sanitization/encoding of user-supplied address input in these scripts, e...
CVE-2025-3998
CVE-2025-3998 affects CodeAstro Membership Management System 1.0. The vulnerability is an SQL injection in the renew.php?id=6 endpoint caused by improper handling of the ID parameter, exploitable remotely. Public disclosures exist across multiple feeds. There is no documented patched version in t...
CVE-2024-48709
CodeAstro Membership Management System v1.0 is vulnerable to Cross-Site Scripting (XSS) via the membershipType parameter in edit_type.php. Affected component: membershipType handling in edit_type.php. Likely impact: injection of script in trusted contexts leading to client-side compromise; explic...
CVE-2024-46470
CVE-2024-46470 affects CodeAstro Membership Management System 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw in the edit-type.php component, triggered via the membership_type field. Reported by multiple sources, the issue allows an attacker to execute malicious JavaScript in the cont...
CVE-2024-46471
CVE-2024-46471 affects CodeAstro Membership Management System 1.0, where directory listing in the /uploads/ folder exposes the structure and contents of directories. Root cause described as directory listing vulnerability leading to potential exposure of sensitive information. Impact is stated as...
CVE-2024-46472
CVE-2024-46472 affects CodeAstro Membership Management System 1.0. The vulnerability is a SQL Injection in the login page triggered by the parameter email. CVSS states a network attack with no user interaction, requiring no privileges, and results in Confidentiality Impact: High and Integrity/Av...
CVE-2025-70148
CodeAstro Membership Management System 1.0 is affected by an IDOR vulnerability in print_membership_card.php due to missing authentication/authorization. Unauthenticated attackers can access membership card data of arbitrary users by sending direct requests with a manipulated id parameter. CVSSv3...
CVE-2025-70150
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter. The CVE-2025-70150 entry uses a network-exposed, unauthenticated path with high impact to...
CVE-2025-70149
CVE-2025-70149 affects CodeAstro Membership Management System 1.0, with a SQL injection vulnerability in print_membership_card.php via the ID parameter. The issue is documented across multiple sources (NVD/Red Hat/CIRCL/OSV) as a SQL injection affecting this file, but the provided materials do no...