CVE-2025-70148
IDOR in CodeAstro Membership System Exposes User Data
Publication date: 2026-02-18
Last updated on: 2026-02-20
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codeastro | membership_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70148 is a vulnerability in the CodeAstro Membership Management System 1.0, specifically in the print_membership_card.php endpoint.

The issue is that this endpoint does not require any authentication or authorization before providing membership card data. An attacker can send HTTP requests with manipulated member ID parameters to access membership card information of any user without logging in.

Technically, the script takes the member ID directly from the request and uses it in a database query without verifying the requester's identity or permissions, leading to an Insecure Direct Object Reference (IDOR) vulnerability.

This allows unauthenticated attackers to enumerate and retrieve sensitive personal information of arbitrary members. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive personal information (PII) of members.
- Attackers can remotely access full names, dates of birth, gender, contact numbers, emails, addresses, countries/postcodes, occupations, membership numbers/types, expiry dates, and profile photo filenames of any member.
- Since no authentication is required, attackers can freely enumerate member IDs to harvest large amounts of sensitive data.
This exposure can lead to privacy violations, identity theft, and other malicious activities targeting affected individuals.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending unauthenticated HTTP GET requests to the print_membership_card.php endpoint with different id parameter values and observing if membership card data of arbitrary users is returned.

A simple command to test this is using curl to request membership card data without authentication, for example:
- curl -i "http://TARGET/print_membership_card.php?id=1"

By changing the id parameter to other values, you can check if other members' data is accessible, confirming the presence of the Insecure Direct Object Reference (IDOR) vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enforcing authentication at the start of the print_membership_card.php script to ensure only logged-in users can access membership card data.
- Implement session validation, for example by calling session_start() and denying access if $_SESSION['user_id'] is not set.
- Add authorization checks to restrict access to privileged roles or enforce ownership, so users can only access their own membership card data.
- Apply defense-in-depth measures such as server-side logging and rate limiting to prevent enumeration of member IDs.
- Consider using unpredictable identifiers like UUIDs instead of sequential numeric IDs to make ID enumeration more difficult. [1]
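The mitigation steps above, shown as an added illustration that is not CodeAstro's own code: a minimal sketch of the unauthenticated pattern the advisory describes (id read straight from the request and used in a query) next to a hardened version that authenticates the session, validates the id, enforces ownership in the query itself, and logs denied requests. The `$pdo` connection, the `members` table and its `id`, `user_id` and other columns, the `role` session key and the `login.php` page are all assumptions for the example.

```php
<?php
// Added illustration, not the project's code. Assumed: a PDO connection in $pdo,
// a table `members` whose `user_id` column names the owning account, and a login
// flow that stores `user_id` and `role` in the session.

// Vulnerable pattern as described in the advisory: the member id comes straight
// from the request, and nobody checks who is asking or whether they own it.
function vulnerable_card(PDO $pdo): ?array
{
    $id = (int)($_GET['id'] ?? 0);
    $stmt = $pdo->prepare('SELECT * FROM members WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened version: authenticate first, then authorize (owner or admin).
function hardened_card(PDO $pdo): array
{
    session_start();
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');   // assumed login page
        exit;
    }

    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit;
    }

    // Ownership is enforced in the query: a non-admin only gets a row that
    // belongs to the logged-in account, so the id alone grants nothing.
    if (($_SESSION['role'] ?? '') === 'admin') {
        $stmt = $pdo->prepare('SELECT * FROM members WHERE id = ?');
        $stmt->execute([$id]);
    } else {
        $stmt = $pdo->prepare('SELECT * FROM members WHERE id = ? AND user_id = ?');
        $stmt->execute([$id, (int)$_SESSION['user_id']]);
    }

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        // Same answer for "does not exist" and "not yours", so the endpoint
        // does not confirm which ids are valid; the log line feeds rate
        // limiting or alerting on repeated denials from one account or address.
        error_log(sprintf('membership card denied user=%d id=%d ip=%s',
            (int)$_SESSION['user_id'], $id, $_SERVER['REMOTE_ADDR'] ?? '-'));
        http_response_code(404);
        exit;
    }
    return $row;
}
```

The ownership condition lives in the SQL rather than in a PHP comparison after the fetch, so there is no window where the record is loaded before the check runs, and the 404 for both missing and foreign ids keeps the endpoint from acting as an existence oracle.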