CVE-2024-40482

Name of the Vulnerable Software and Affected Versions Kashipara Live Membership System version 1.0

Description An Unrestricted file upload vulnerability was found in the "/Membership/edit member.php" endpoint of the Kashipara Live Membership System, which allows attackers to execute arbitrary code via uploading a crafted PHP file.

Recommendations For Kashipara Live Membership System version 1.0, consider disabling the file upload functionality in the "/Membership/edit member.php" endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.