CVE-2025-70150 | THREATINT

Description

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.

PUBLISHED Reserved 2026-01-09 | Published 2026-02-18 | Updated 2026-02-18 | Assigner mitre

CRITICAL: 9.8CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

References

youngkevinn.github.io/...025-70150-Membership-Unauth-Delete/ exploit

www.phpscriptsonline.com/...t/membership-management-software

youngkevinn.github.io/...025-70150-Membership-Unauth-Delete/

cve.org (CVE-2025-70150)

nvd.nist.gov (CVE-2025-70150)

Download JSON