Lopalopa

Live Membership System

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-40482

Exploit
  • EPSS 0.41%
  • Veröffentlicht 12.08.2024 13:38:29
  • Zuletzt bearbeitet 28.04.2025 14:32:00

An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8

CVE-2024-40486

Exploit
  • EPSS 0.14%
  • Veröffentlicht 12.08.2024 13:38:29
  • Zuletzt bearbeitet 28.04.2025 14:29:24

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters.

7.6

CVE-2024-40487

Exploit
  • EPSS 2.08%
  • Veröffentlicht 12.08.2024 13:38:29
  • Zuletzt bearbeitet 28.04.2025 14:28:51

A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter.

8.8

CVE-2024-40488

Exploit
  • EPSS 0.42%
  • Veröffentlicht 12.08.2024 13:38:29
  • Zuletzt bearbeitet 28.04.2025 14:24:28

A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete M...