Home

Description

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).

PUBLISHED Reserved 2026-01-09 | Published 2026-02-18 | Updated 2026-02-19 | Assigner mitre




HIGH: 7.5CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N

References

youngkevinn.github.io/posts/CVE-2025-70148-Membership-IDOR/ exploit

www.phpscriptsonline.com/...t/membership-management-software

youngkevinn.github.io/posts/CVE-2025-70148-Membership-IDOR/

cve.org (CVE-2025-70148)

nvd.nist.gov (CVE-2025-70148)

Download JSON