CVE-2025-70149

CRITICAL

CodeAstro Membership 1.0 - SQL Injection

Title source: llm

EIP tracks 1 public exploit for CVE-2025-70149. PoCs published by Anusha-Khan29.

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.

nomisec FAILED

by Anusha-Khan29 · poc

Core 2

Core References

Various Sources

Various Sources

CVSS v3 9.8

EPSS 0.0005

EPSS Percentile 16.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

CWE

CWE-89

Status published

Products (1)

codeastro/membership_management_system 1.0

Published Feb 18, 2026

Tracked Since Feb 18, 2026