CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40482
https://notcve.org/view.php?id=CVE-2024-40482
08 Aug 2024 — An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40488
https://notcve.org/view.php?id=CVE-2024-40488
08 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. • https://capec.mitre.org/data/definitions/62.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40486
https://notcve.org/view.php?id=CVE-2024-40486
08 Aug 2024 — A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40487
https://notcve.org/view.php?id=CVE-2024-40487
08 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •