Skip to main content

CODEASTRO Membership Management System CVE-2026-36387

| EUVD-2026-28391 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-05-07 mitre GHSA-rj73-qp5q-ppqx
PHP RCE File Upload
6.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 07, 2026 - 18:01 vuln.today
CVSS changed
May 07, 2026 - 17:22 NVD
6.5 (MEDIUM)
CVE Published
May 07, 2026 - 00:00 nvd
UNKNOWN (no severity yet)
CVE Published
May 07, 2026 - 00:00 nvd
MEDIUM 6.5

DescriptionNVD

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE.

AnalysisAI

Remote code execution in CODEASTRO Membership Management System v1.0 allows unauthenticated attackers to upload and execute arbitrary files via the /add_members.php endpoint due to improper file sanitization. The vulnerability enables confidentiality and integrity compromise with CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), indicating network-accessible exploitation with no authentication or user interaction required. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-36387 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy