PT-2024-18426 · Unknown · Codeastro Membership Management System

Tekun · Published 2024-02-27 · Updated 2024-12-18 · CVE-2024-1924

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0

Description: A critical issue has been found in the CodeAstro Membership Management System. The problem affects the /get membership amount.php file, where the manipulation of the membershipTypeId argument can lead to SQL injection. This issue can be exploited remotely.

Recommendations: For CodeAstro Membership Management System version 1.0, consider restricting access to the /get membership amount.php file until a patch is available. As a temporary workaround, avoid using the membershipTypeId argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-1924

Affected Products: Codeastro Membership Management System