What is the severity of CVE-2024-40488?

CVE-2024-40488 is classified as a moderate severity Cross-Site Request Forgery (CSRF) vulnerability.

How do I fix CVE-2024-40488?

To fix CVE-2024-40488, implement anti-CSRF tokens in the forms and verify them on the server side.

Who is affected by CVE-2024-40488?

CVE-2024-40488 affects users of the Kashipara Live Membership System version 1.0.

What could an attacker achieve by exploiting CVE-2024-40488?

By exploiting CVE-2024-40488, an attacker could trick an administrator into deleting valid member data.

What is the nature of the vulnerability in CVE-2024-40488?

CVE-2024-40488 is a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited through crafted HTML pages.

Vulnerability/
CVE-2024-40488

high

8.8

CWE

352

8/8/2024

28/4/2025

CVE-2024-40488: CSRF

First published: Thu Aug 08 2024(Updated: )

A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Kashipara Live Membership System
Lopalopa Live Membership System	=1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-40488?
CVE-2024-40488 is classified as a moderate severity Cross-Site Request Forgery (CSRF) vulnerability.
How do I fix CVE-2024-40488?
To fix CVE-2024-40488, implement anti-CSRF tokens in the forms and verify them on the server side.
Who is affected by CVE-2024-40488?
CVE-2024-40488 affects users of the Kashipara Live Membership System version 1.0.
What could an attacker achieve by exploiting CVE-2024-40488?
By exploiting CVE-2024-40488, an attacker could trick an administrator into deleting valid member data.
What is the nature of the vulnerability in CVE-2024-40488?
CVE-2024-40488 is a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited through crafted HTML pages.

agent/weakness
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
agent/severity
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
vendor/kashipara
canonical/kashipara live membership system
vendor/lopalopa
canonical/lopalopa live membership system
version/lopalopa live membership system/1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-40488?
CVE-2024-40488 is classified as a moderate severity Cross-Site Request Forgery (CSRF) vulnerability.
How do I fix CVE-2024-40488?
To fix CVE-2024-40488, implement anti-CSRF tokens in the forms and verify them on the server side.
Who is affected by CVE-2024-40488?
CVE-2024-40488 affects users of the Kashipara Live Membership System version 1.0.
What could an attacker achieve by exploiting CVE-2024-40488?
By exploiting CVE-2024-40488, an attacker could trick an administrator into deleting valid member data.
What is the nature of the vulnerability in CVE-2024-40488?
CVE-2024-40488 is a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited through crafted HTML pages.