CVE-2017-1002009

Name of the Vulnerable Software and Affected Versions Membership Simplified version 1.58

Description The issue concerns a blind SQL injection vulnerability. It occurs because the code in the updateDB.php file does not properly sanitize user input via the recordId variable in the delete function. This allows for potential exploitation.

Recommendations For Membership Simplified version 1.58, consider disabling the delete function in the updateDB.php file until a patch is available to prevent blind SQL injection attacks. Restrict access to the updateDB.php file to minimize the risk of exploitation. Avoid using the recordId variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.