PT-2026-28749 · Code Projects · Chamber Of Commerce Membership Management System

Y7_0X · Published 2026-03-29 · Updated 2026-03-29 · CVE-2026-5041

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

code-projects Chamber of Commerce Membership Management System version 1.0

Description

A flaw exists in the Chamber of Commerce Membership Management System that allows for command injection. This issue is located in the fwrite function within the admin/pageMail.php file. The mailSubject and mailMessage arguments can be manipulated to execute arbitrary commands. The attack can be initiated remotely, and an exploit is publicly available.

Recommendations

Versions prior to 1.0 are affected. As a temporary workaround, consider restricting access to the admin/pageMail.php file until a fix is available. Avoid using the mailSubject and mailMessage parameters in the affected file until the issue is resolved.

Exploit

Fix

Command Injection

Special Elements Injection

Weakness Enumeration

Related identifiers

CVE-2026-5041

Affected products

Chamber Of Commerce Membership Management System