CVE-2025-70148 HIGH

CVE-2025-70148

Vendor N/A
Product n/a
Published February 18, 2026
Last update February 19, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N

What the vulnerability does

01Description

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).

Key dates

02Disclosure timeline

February 18, 2026 CVE published
February 19, 2026 Record updated