Lucene search
K
LopalopaLive Membership System

4 matches found

CVE
CVE
added 2024/08/08 12:0 a.m.51 views

CVE-2024-40488

CVE-2024-40488 affects the Kashipara Live Membership System v1.0. A CSRF flaw could trick an administrator into deleting valid member data via a crafted request to /delete_members.php. The CVE is rated high (CVSS 3.1: 8.8) with attacker-initial access not requiring privileges and user interaction...

8.8CVSS6.7AI score0.00315EPSS
CVE
CVE
added 2024/08/08 12:0 a.m.48 views

CVE-2024-40487

Kashipara Live Membership System v1.0 is affected by a Stored XSS in the /view_type.php endpoint, exploitable via the membershipType parameter to trigger arbitrary code execution. The issue is documented across multiple sources (NVD/Red Hat/CVE lists and security reports) with a CVSSv3.1 base sco...

7.6CVSS6.1AI score0.01111EPSS
CVE
CVE
added 2024/08/08 12:0 a.m.45 views

CVE-2024-40482

CVE-2024-40482 affects Kashipara Live Membership System v1.0. An unrestricted file upload in "/Membership/edit_member.php" enables attackers to upload a crafted PHP file and achieve arbitrary code execution. The CVSS basis is 9.8 (CRITICAL): Network access, no authentication, low attack complexit...

9.8CVSS7.7AI score0.01202EPSS
Web
CVE
CVE
added 2024/08/08 12:0 a.m.45 views

CVE-2024-40486

CVE-2024-40486 affects Kashipara Live Membership System v1.0. The issue is a SQL injection in the "/index.php" page, allowing remote attackers to execute arbitrary SQL and bypass login using the email or password login parameters. Affected component: the Live Membership System’s login entry point...

9.8CVSS9.2AI score0.01016EPSS