CVE-2025-70148

High CVSS: 7.5

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).

Vendor

Codeastro

Product

Membership Management System

CWE

CWE-862

Yayın Tarihi

2026-02-18 18:24:19

Güncelleme

2026-02-20 13:55:58

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-862 Membership Management System HIGH Codeastro 2026

Referanslar

https://www.phpscriptsonline.com/product/membership-management-software https://youngkevinn.github.io/posts/CVE-2025-70148-Membership-IDOR/ https://youngkevinn.github.io/posts/CVE-2025-70148-Membership-IDOR/

Benzer Kayıtlar

Medium

CVE-2026-3137

A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of th…

Critical

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that al…

Critical

CVE-2025-70149

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parame…

Medium

CVE-2025-14899

A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the f…

Medium

CVE-2025-14900

A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown functi…

Medium

CVE-2025-14898

A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of…