CVE Catalog

CVE-2026-36387

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. Improper file sanitization allows attackers to inject malicious files, leading to RCE.

Risk Assessment

An attacker can take over the server, steal data, or install malware, compromising confidentiality, integrity, and availability.

Recommendation

Immediately update to the latest version or apply a security patch. Additionally, implement file type validation and restrict upload directory permissions.

Original NVD description (English source)

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS