PT-2024-28873 · Unknown · Kashipara Live Membership System

Published: 2024-08-08 · Updated: 2025-04-28 · CVE-2024-40488

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kashipara Live Membership System version 1.0

Description: A Cross-Site Request Forgery (CSRF) issue was found in the Kashipara Live Membership System. An attacker can trick a logged-in administrator into deleting valid member data via a crafted HTML page, as demonstrated by the Delete Member action at the "/delete members.php" API endpoint: because the endpoint does not verify that the request originated from the application's own UI, the Delete Member action can be used to make the administrator's browser perform unintended actions on the attacker's behalf.

Recommendations: For Kashipara Live Membership System version 1.0, implement proper CSRF protection, such as token-based validation of every state-changing request, so that requests not carrying a valid per-session token are rejected. As a temporary workaround, restrict access to the "/delete members.php" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
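The token-based validation recommended above, shown as an added PHP example written for this advisory rather than code taken from the Kashipara product; the helper names (`csrf_token`, `csrf_token_is_valid`, `delete_member`) and the form field names are assumptions, and the handler posts back to itself instead of naming the real endpoint.

```php
<?php
// Added example (not the product's own code): synchronizer-token CSRF protection
// for a member-deletion handler. Helper and field names are hypothetical.

// Defence in depth: a SameSite=Lax session cookie is not sent on cross-site POSTs.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Issue one unguessable token per session and reuse it for every form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session token.
function csrf_token_is_valid(?string $submitted): bool
{
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A page hosted elsewhere cannot read the victim's token, so its forged
    // request arrives without one (or with a wrong one) and is refused here.
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $memberId = filter_input(INPUT_POST, 'member_id', FILTER_VALIDATE_INT);
    if ($memberId === false || $memberId === null) {
        http_response_code(400);
        exit('Invalid member id');
    }
    // delete_member($memberId);  // application-specific persistence, assumed
    exit('Member deleted');
}

// GET: render the confirmation form that carries the token; deletion itself
// is never performed on a GET, so a plain link or <img> cannot trigger it.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="">';
echo '<input type="hidden" name="csrf_token" value="' . $token . '">';
echo '<input type="hidden" name="member_id" value="42">';
echo '<button type="submit">Delete member</button></form>';
```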

Exploit: CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-40488

Affected Products: Kashipara Live Membership System