Security research project demonstrating exploitation and mitigation of CVE-2025-70149, a critical SQL Injection vulnerability (CVSS 9.8/10) in CodeAstro Membership Management System v1.0.

| Field | Value |
|---|---|
| CVE ID | CVE-2025-70149 |
| CVSS Score | 9.8 CRITICAL |
| Type | SQL Injection (CWE-89) |
| Auth Required | None |

## Lab environment

- Attacker: Kali Linux (192.168.63.5)
- Victim: Windows 10 + XAMPP (192.168.63.6)
- Tool: sqlmap 1.10.3

## Exploitation results

- Full database dumped remotely
- 9 member records extracted
- Admin credentials retrieved
- MD5 hash cracked

## Mitigations

- PHP Prepared Statements
- Input Validation
- Least Privilege DB User
- Error Handling
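The four mitigations above in one place, as an added illustrative example rather than code from the CodeAstro project: a member lookup written the unsafe way (query string built by concatenation) next to the hardened form (shape validation, then a PDO prepared statement), with driver errors logged server-side instead of echoed to the client. The table and column names, the DSN, the `app_user` account and the `DB_PASSWORD` environment variable are all assumptions for the example.

```php
<?php
// Added example, not the project's own code. Names and schema are assumed.
declare(strict_types=1);

// Least privilege: the account in the DSN should be dedicated to the app and
// hold only SELECT/INSERT/UPDATE on its own schema (no FILE, DROP or GRANT),
// so a successful injection cannot read other databases or write to disk.
function db(): PDO
{
    return new PDO(
        'mysql:host=127.0.0.1;dbname=membership;charset=utf8mb4',   // assumed DSN
        'app_user',                                                  // assumed low-privilege account
        getenv('DB_PASSWORD') ?: '',                                 // never hard-code the secret
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
        ]
    );
}

// VULNERABLE pattern (shown only for contrast): untrusted input is spliced
// into the SQL text, so the database parses it as part of the statement.
function findMemberUnsafe(PDO $pdo, string $id): ?array
{
    $sql = "SELECT id, name, email FROM members WHERE id = '" . $id . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// HARDENED: validate the expected shape first, then bind the value as a
// parameter; bound values are sent separately from the statement and can
// never change its structure.
function findMemberSafe(PDO $pdo, string $id): ?array
{
    if (!ctype_digit($id) || strlen($id) > 10) {
        throw new InvalidArgumentException('member id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id, name, email FROM members WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Error handling: driver messages reveal schema details, so they go to the
// server log only; the client receives a generic response.
header('Content-Type: application/json');
try {
    $member = findMemberSafe(db(), (string) ($_GET['id'] ?? ''));
    echo json_encode($member ?? ['error' => 'not found']);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo json_encode(['error' => 'bad request']);
} catch (PDOException $e) {
    error_log('DB error: ' . $e->getMessage());   // server-side only
    http_response_code(500);
    echo json_encode(['error' => 'internal error']);
}
```

Nothing in the script calls `findMemberUnsafe()`; it is kept beside the safe version only to make the difference visible. The "MD5 hash cracked" result above is a separate weakness that prepared statements do not address: stored credentials should use `password_hash()` and `password_verify()` rather than MD5, so that a dump of the table does not yield usable passwords.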

## MITRE ATT&CK mapping

Techniques: T1190 (Exploit Public-Facing Application), T1082 (System Information Discovery), T1005 (Data from Local System), T1555 (Credentials from Password Stores). Mitigations: M1026 (Privileged Account Management), M1027 (Password Policies).
This project was conducted in an isolated local environment for academic purposes only.