CVE-2025-70150
Missing Authentication Allows Arbitrary Member Deletion in CodeAstro
Publication date: 2026-02-18
Last updated on: 2026-02-23
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codeastro | membership_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability impact me?
This vulnerability can have severe impacts including complete unauthorized deletion of member records and associated data, resulting in data loss and disruption of service.
The SQL Injection aspect can also lead to unauthorized data disclosure, modification, or further deletion depending on the database privileges.
Additionally, attackers could degrade system performance using time-based SQL payloads.
Can you explain this vulnerability to me?
CVE-2025-70150 affects CodeAstro Membership Management System 1.0, a PHP-based application. The vulnerability is a missing authentication and authorization check in the delete_members.php script, which allows unauthenticated attackers to delete arbitrary member records by manipulating the id parameter.
The delete_members.php endpoint accepts an id parameter via GET requests and directly concatenates it into SQL queries without validation or use of prepared statements, leading to SQL Injection.
This means attackers can remotely send crafted requests to delete any or all member records without logging in, exploiting broken access control and SQL Injection vulnerabilities.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthenticated GET requests to the delete_members.php endpoint with an id parameter that triggers member deletion.
A typical detection method involves checking web server logs or using network monitoring tools to identify requests like:
- GET /delete_members.php?id=-1+OR+1=1;--
Such requests indicate attempts to exploit the SQL Injection and missing authentication vulnerability.
You can use command-line tools like curl or wget to test the endpoint manually, for example:
- curl -v "http://yourserver/delete_members.php?id=-1+OR+1=1;--"
- tcpdump or Wireshark filters to capture HTTP GET requests to delete_members.php with suspicious id parameters. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enforcing authentication and authorization checks in delete_members.php to prevent unauthenticated access.
- Add session validation at the start of delete_members.php, for example: checking if $_SESSION['user_id'] is set and returning a 403 Forbidden response if not.
- Restrict deletion functionality to authorized roles only, such as administrators.
- Change the deletion request method from GET to POST and implement CSRF protection to prevent unauthorized requests.
- Use parameterized SQL queries (prepared statements) and validate or cast the id parameter strictly as an integer to prevent SQL Injection.
- Apply least privilege principles to the database user account to limit the impact of any potential exploitation. [1]
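The five mitigation steps above combined into one hardened delete_members.php, as an added example that is not CodeAstro's own code. It assumes PHP 8.1+ with PDO, a login flow that stores user_id, role and a per-session csrf_token in $_SESSION, and a members table with an integer id column; all of those names, plus the database name and account, are assumptions.

```php
<?php
// Added example, not from the CodeAstro project: hardened delete_members.php.
// Assumed: $_SESSION['user_id'], $_SESSION['role'], $_SESSION['csrf_token'] are
// set at login; table "members" has an integer primary key "id".
declare(strict_types=1);
session_start();

function deny(int $status, string $msg): never {
    http_response_code($status);
    header('Content-Type: text/plain');
    exit($msg);
}

// Step 1: authentication. No session, no access (was missing in 1.0).
if (empty($_SESSION['user_id'])) {
    deny(403, 'Forbidden');
}
// Step 2: authorization. Only administrators may delete members.
if (($_SESSION['role'] ?? '') !== 'admin') {
    deny(403, 'Forbidden');
}
// Step 3: state-changing action only via POST, with a session-bound CSRF token.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    deny(405, 'Method Not Allowed');
}
$token = $_POST['csrf_token'] ?? '';
if (!is_string($token) || !isset($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $token)) {
    deny(403, 'Invalid CSRF token');
}
// Step 4: strict integer validation; input such as "-1 OR 1=1" is rejected here,
// before it ever reaches the database.
$id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($id === false) {
    deny(400, 'Invalid member id');
}
// Step 5: parameterized query with native (non-emulated) prepares. The DB account
// used here should hold only the privileges this script needs (least privilege).
$pdo = new PDO('mysql:host=localhost;dbname=membership', 'mms_app',
    getenv('DB_PASS') ?: '', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
$stmt = $pdo->prepare('DELETE FROM members WHERE id = :id LIMIT 1');
$stmt->execute([':id' => $id]);
header('Content-Type: text/plain');
echo $stmt->rowCount() === 1 ? "Deleted member $id" : 'No such member';
```

The order of the checks matters: a request is rejected by the cheapest check first (session, then role, then method and token), and the id is only parsed once the caller is known to be an authenticated administrator.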