PT-2026-20467 · Unknown · Codeastro Membership Management System

Published: 2026-02-18 · Updated: 2026-02-19 · CVE-2025-70150

CVSS v3.1: 9.8 (Critical)

Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions

CodeAstro Membership Management System version 1.0

Description

The delete members.php script is missing an authentication check, which allows attackers to delete member records without being authenticated. The issue is due to a lack of protection on the id parameter: an attacker who provides a valid id to the delete members.php script causes the corresponding member record to be deleted. The API endpoint involved is delete members.php, and the vulnerable parameter is id.

Recommendations

Apply authentication checks to the delete members.php script so that only authorized users can delete member records. Restrict access to the script to authenticated users only. Implement proper input validation for the id parameter to prevent unauthorized access.
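
One way to apply these recommendations in a PHP delete handler, as an added example that is not CodeAstro's code and does not come from the advisory. The session keys, the 'admin' role, the CSRF token field and the `members` table are assumptions, and the demo data is constructed.

```php
<?php
declare(strict_types=1);
// Added example, not CodeAstro's code. Assumed names: session keys user_id,
// role and csrf_token, the 'admin' role, and a `members` table keyed by `id`.
/** Return the HTTP status a delete request deserves; 200 means "go ahead". */
function authorizeDelete(array $session, string $method, array $post): int
{
    if (empty($session['user_id'])) {
        return 401; // unauthenticated: the case the advisory describes
    }
    if (($session['role'] ?? '') !== 'admin') {
        return 403; // authenticated but not authorized to delete
    }
    if ($method !== 'POST') {
        return 405; // never change state on GET
    }
    $sent = $post['csrf_token'] ?? '';
    $want = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($want) || $want === '' || !hash_equals($want, $sent)) {
        return 403; // missing or mismatched anti-CSRF token
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? 400 : 200; // id must be a positive integer
}

/** Delete one member with a bound parameter; true only if a row was removed. */
function deleteMember(PDO $db, int $id): bool
{
    $stmt = $db->prepare('DELETE FROM members WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1;
}
// Constructed demo data: in-memory SQLite and hand-built session/POST arrays.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO members (id, name) VALUES (1, 'Alice'), (2, 'Bob')");
$admin = ['user_id' => 7, 'role' => 'admin', 'csrf_token' => 'constructed-token'];
$good  = ['id' => '2', 'csrf_token' => 'constructed-token'];
$cases = [
    'anonymous'     => [[], 'POST', $good],
    'admin, GET'    => [$admin, 'GET', $good],
    'admin, bad id' => [$admin, 'POST', ['id' => 'abc', 'csrf_token' => 'constructed-token']],
    'admin, valid'  => [$admin, 'POST', $good],
];
foreach ($cases as $label => [$session, $method, $post]) {
    $status  = authorizeDelete($session, $method, $post);
    $deleted = $status === 200 && deleteMember($db, (int) $post['id']);
    printf("%-14s status=%d deleted=%s\n", $label, $status, $deleted ? 'yes' : 'no');
}
```

In a deployed script the demo section would be replaced by `session_start()` and a call to `authorizeDelete($_SESSION, $_SERVER['REQUEST_METHOD'], $_POST)`, sending `http_response_code($status)` and exiting before any SQL runs unless the result is 200.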

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-70150

Affected Products

Codeastro Membership Management System