DawnOfDedSec/CVE-WriteUps

Releases0

Stars1

Welcome to the CVE Write-Up Repository! This repository serves as a comprehensive collection of detailed write-ups and analyses for various Common Vulnerabilities and Exposures (CVEs). Each write-up includes an in-depth explanation of the vulnerability, its impact, affected systems, proof-of-concept (PoC) exploits, and mitigation strategies.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-46470 ↗	Sep 27, 2024Friday, 27 September 2024, 15:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component.
CVE-2024-46471 ↗	Sep 27, 2024Friday, 27 September 2024, 15:15	7.5 HIGH	—
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information.
CVE-2024-46472 ↗	Sep 27, 2024Friday, 27 September 2024, 15:15	8.6 HIGH	—
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page.