N/A

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

N/A

CodeAstro Membership Management System 安全漏洞

CodeAstro Membership Management System是CodeAstro公司的一个员管理系统。 CodeAstro Membership Management System 1.0版本存在安全漏洞，该漏洞源于print_membership_card.php缺少身份验证和授权，可能导致未经验证的攻击者通过操纵id参数访问任意用户数据，造成不安全的直接对象引用。

N/A

N/A