PT-2026-20465 · Unknown · Codeastro Membership Management System
Published 2026-02-18 · Updated 2026-02-24 · CVE-2025-70148
CVSS v3.1: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CodeAstro Membership Management System version 1.0
Description
The application lacks proper authentication and authorization in the print membership card.php file. This allows unauthenticated attackers to access membership card data belonging to any user by directly requesting the file with a manipulated id parameter. This results in an insecure direct object reference (IDOR).
Recommendations
Implement proper authentication and authorization checks in the print membership card.php file to ensure that only authorized users can access membership card data. Validate the id parameter to prevent direct object reference vulnerabilities.
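The following PHP is an added illustration of the recommended fix and is not code from the CodeAstro project: it shows the three checks an endpoint like print membership card.php needs before it reads anything from the database. The table and column names (members, id, user_id, role), the session keys and the database credentials are assumptions made for the example.

```php
<?php
// Hardened "print membership card" endpoint (added example, not project code).
// The vulnerable pattern is a file that reads $_GET['id'] and queries by it
// with no session check and no ownership check; the id is the only thing
// standing between an anonymous visitor and every member's card.
declare(strict_types=1);

session_start();

// 1. Authentication: an anonymous visitor never reaches the query.
//    (Session key 'user_id' is an assumption for this example.)
if (empty($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

// 2. Input validation: the id must be a positive integer, nothing else.
//    filter_input() returns null when the parameter is absent and false
//    when it fails validation, so both cases are rejected.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid membership id.');
}

// 3. Authorization: decide on the server whether this caller may see this
//    record. Ordinary members may only fetch rows they own; an admin may
//    fetch any row. (Table/column names and the 'admin' role are assumptions.)
$pdo = new PDO('mysql:host=localhost;dbname=membership', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

$isAdmin = (($_SESSION['role'] ?? '') === 'admin');
if ($isAdmin) {
    $stmt = $pdo->prepare('SELECT id, name, membership_type, expires_on FROM members WHERE id = :id');
    $stmt->execute([':id' => $id]);
} else {
    // Binding the caller's own user_id into the WHERE clause is what closes the
    // IDOR: a valid but foreign id simply matches no row.
    $stmt = $pdo->prepare(
        'SELECT id, name, membership_type, expires_on FROM members WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $id, ':uid' => (int) $_SESSION['user_id']]);
}
$member = $stmt->fetch(PDO::FETCH_ASSOC);

// A nonexistent row and a row the caller does not own look identical from
// the outside, so responses cannot be used to enumerate which ids exist.
if ($member === false) {
    http_response_code(404);
    exit('Membership card not found.');
}

// Render the card; everything that came from the database is escaped.
$e = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
echo '<h1>' . $e((string) $member['name']) . '</h1>';
echo '<p>Type: ' . $e((string) $member['membership_type']) . '</p>';
echo '<p>Expires: ' . $e((string) $member['expires_on']) . '</p>';
```

The ownership condition belongs in the query itself rather than in a check after the fetch: it leaves no code path where a foreign record is loaded and then accidentally rendered, and it gives the same 404 for "does not exist" and "not yours", which is what the advisory's "only authorized users" wording requires.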
Weakness Enumeration
Missing Authorization
Affected Products
Codeastro Membership Management System