CVE-2026-36387
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. Improper file sanitization allows attackers to inject malicious files, leading to RCE.
Risk Assessment
An attacker can take over the server, steal data, or install malware, compromising confidentiality, integrity, and availability.
Recommendation
Immediately update to the latest version or apply a security patch. Additionally, implement file type validation and restrict upload directory permissions.
Original NVD description (English source)
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE.

