CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.
The vulnerability results from insufficient validation and sanitization of input data passed through the ID parameter in the print_membership_card.php file. An attacker can inject malicious SQL code directly into the query executed by the application. The attack does not require authentication or user interaction, and can be carried out remotely over the network.
An attacker can obtain unauthorized read, modification, or deletion of data stored in the application's database, including personal data and sensitive membership information. Depending on the database server configuration, it may also be possible to execute system commands or escalate privileges.
Patches available from the vendor should be applied in accordance with the references. It is also recommended to implement mechanisms for validation and sanitization of input data (e.g., prepared statements / parameterized SQL queries) and restrict access to the vulnerable endpoint at the firewall or web server level until the patch is deployed.
Codeastro Membership Management System version 1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCodeastro Membership Management System
APPCodeastro1.0
Related vulnerabilities
Brak uwierzytelnienia w delete_members.php — usuwanie rekordów członków
SQL Injection w CodeAstro Membership Management System via add_type.php
Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management Syste...
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Log...
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure ...