Codeastro: >> Membership Management System Security Vulnerabilities
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-10-21
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php
CVSS Score
5.4
EPSS Score
0.0
Published
2024-10-21
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-09-27
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-09-27
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page.
CVSS Score
8.6
EPSS Score
0.0
Published
2024-09-27
CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-09-02
A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-03-09
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255502 is the identifier assigned to this vulnerability.
CVSS Score
4.7
EPSS Score
0.0
Published
2024-03-03
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-02-28
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-02-28
Page 1