4 matches found
CVE-2024-40488
CVE-2024-40488 affects the Kashipara Live Membership System v1.0. A CSRF flaw could trick an administrator into deleting valid member data via a crafted request to /delete_members.php. The CVE is rated high (CVSS 3.1: 8.8) with attacker-initial access not requiring privileges and user interaction...
CVE-2024-40487
Kashipara Live Membership System v1.0 is affected by a Stored XSS in the /view_type.php endpoint, exploitable via the membershipType parameter to trigger arbitrary code execution. The issue is documented across multiple sources (NVD/Red Hat/CVE lists and security reports) with a CVSSv3.1 base sco...
CVE-2024-40482
CVE-2024-40482 affects Kashipara Live Membership System v1.0. An unrestricted file upload in "/Membership/edit_member.php" enables attackers to upload a crafted PHP file and achieve arbitrary code execution. The CVSS basis is 9.8 (CRITICAL): Network access, no authentication, low attack complexit...
CVE-2024-40486
CVE-2024-40486 affects Kashipara Live Membership System v1.0. The issue is a SQL injection in the "/index.php" page, allowing remote attackers to execute arbitrary SQL and bypass login using the email or password login parameters. Affected component: the Live Membership System’s login entry point...