GCVE - cpe:2.3:a:kashipara:live_membership

Approved changes feed: RSS · Atom

cpe:2.3:a:kashipara:live_membership_system:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Kashipara (`6b7db86c-2a94-5a2d-adbe-6158c7191f84`)
Product	Live Membership System (`5f553718-0d24-5647-ab87-ad5c3becb833`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-40488`	vulnerable	2026-06-03 14:56:32.827535	Details available A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. Published: 2024-08-08T00:00:00.000Z Updated: 2024-08-09T17:50:21.651Z Open on db.gcve.eu Reference links https://capec.mitre.org/data/definitions/62.html https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/CSRF.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40487`	vulnerable	2026-06-03 14:56:32.827207	Details available A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. Published: 2024-08-08T00:00:00.000Z Updated: 2024-08-23T15:10:25.611Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40486`	vulnerable	2026-06-03 14:56:32.826862	Details available A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. Published: 2024-08-08T00:00:00.000Z Updated: 2024-08-09T14:03:49.800Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40482`	vulnerable	2026-06-03 14:56:32.823588	Details available An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. Published: 2024-08-08T00:00:00.000Z Updated: 2024-08-09T16:16:43.963Z Open on db.gcve.eu Reference links https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Live Membership System

PURL mappings

Vulnerability references

Contribute