CVE-2024-40486

CRITICAL

Kashipara Live Membership System v1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters.

Scores

CVSS v3 9.8
EPSS 0.0102
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
lopalopa/live_membership_system 1.0
Published Aug 12, 2024
Tracked Since Feb 18, 2026