CRITICAL🇵🇱 Wersja polska

CVE-2025-70149

CVSS 9.8v3.1pub. 2026-02-18upd. 2026-02-23

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation and sanitization of input data passed through the ID parameter in the print_membership_card.php file. An attacker can inject malicious SQL code directly into the query executed by the application. The attack does not require authentication or user interaction, and can be carried out remotely over the network.

Impact

An attacker can obtain unauthorized read, modification, or deletion of data stored in the application's database, including personal data and sensitive membership information. Depending on the database server configuration, it may also be possible to execute system commands or escalate privileges.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. It is also recommended to implement mechanisms for validation and sanitization of input data (e.g., prepared statements / parameterized SQL queries) and restrict access to the vulnerable endpoint at the firewall or web server level until the patch is deployed.

Who is affected

Codeastro Membership Management System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codeastro Membership Management System

    APP
    Codeastro
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-70150CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w delete_members.php — usuwanie rekordów członków

CVE-2024-25867CRITICAL9.1PL ✓ten sam produkt

SQL Injection w CodeAstro Membership Management System via add_type.php

CVE-2025-70148HIGH7.5ten sam produkt

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management Syste...

CVE-2024-46472HIGH8.6ten sam produkt

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Log...

CVE-2024-46471HIGH7.5ten sam produkt

The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure ...