CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3998 – CodeAstro Membership Management System renew.php sql injection
https://notcve.org/view.php?id=CVE-2025-3998
28 Apr 2025 — A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46236
https://notcve.org/view.php?id=CVE-2024-46236
21 Oct 2024 — CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. • https://github.com/anoncoder01/PHP_CodeAstro_Stored_XSS/blob/master/vulnerabilities/XSS_1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48709
https://notcve.org/view.php?id=CVE-2024-48709
21 Oct 2024 — CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php • https://github.com/anoncoder01/PHP_CodeAstro_Stored_XSS/blob/master/vulnerabilities/XSS_2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46470
https://notcve.org/view.php?id=CVE-2024-46470
27 Sep 2024 — Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. • https://codeastro.com/membership-management-system-in-php-with-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46471
https://notcve.org/view.php?id=CVE-2024-46471
27 Sep 2024 — The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. • https://codeastro.com/membership-management-system-in-php-with-source-code • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46472
https://notcve.org/view.php?id=CVE-2024-46472
27 Sep 2024 — CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. • https://codeastro.com/membership-management-system-in-php-with-source-code • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45528
https://notcve.org/view.php?id=CVE-2024-45528
02 Sep 2024 — CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. CodeAstro MembershipM-PHP (también conocido como Sistema de gestión de membresía en PHP) 1.0 permite XSS almacenado con el nombre completo en add_members.php. • https://github.com/ShellFighter/VulnerabilityResearch/blob/main/MMS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2333 – CodeAstro Membership Management System add_members.php sql injection
https://notcve.org/view.php?id=CVE-2024-2333
09 Mar 2024 — A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2149 – CodeAstro Membership Management System settings.php sql injection
https://notcve.org/view.php?id=CVE-2024-2149
03 Mar 2024 — A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 56%CPEs: 1EXPL: 0CVE-2024-25869
https://notcve.org/view.php?id=CVE-2024-25869
28 Feb 2024 — An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component. Una vulnerabilidad de carga de archivos sin restricciones en CodeAstro Membership Management System en PHP v.1.0 permite a un atacante remoto ejecutar código arbitrario mediante la carga de un archivo php manipulado en el componente settings.php. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Unrestricted_Fileupload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •