CVE-2025-3998 – CodeAstro Membership Management System SQL Injection Vulnerability

April 28, 2025

CVE ID : CVE-2025-3998

Published : April 28, 2025, 4:15 a.m. | 4 hours, 13 minutes ago

Description : A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3999 – Seeyon Zhiyuan OA Web Application System Cross-Site Scripting Vulnerability

Next Article CVE-2025-3997 – Dazhouda lecms Cross-Site Request Forgery (CSRF) Vulnerability

Highlights

Development

Jmeter env custom function doesn’t read environment variable

July 26, 2024

I was following blazemeter tutorial on how to run Jmeter script from the command line (cmd.exe in Windows10 OS). I’m trying to pass environment variable to the Jmeter ${__env} (according to this page) custom function, using Jmeter script from the command line. Below is the screenshot of the env function in Jmeter UI

I’ve also tried without quotes ${__env(password)} and also using JSR223 PreProcessor

vars.put(“password”,${__env(password)});

but that didn’t work either.

Below is my command line

set password=MyPassword123
jmeter -n -t C:WorkJmeterMyScript.jmx

But Jmeter fails to execute my test plan

Creating summariser <summary>
Created the tree successfully using C:WorkJmeterMyScript.jmx
Starting the test @ Fri Sep 28 16:45:38 EDT 2018 (1538167538606)
Waiting for possible Shutdown/StopTestNow/Heapdump message on port 4445
summary = 2 in 00:00:01 = 3.1/s Avg: 250 Min: 1 Max: 499 Err: 1 (50.00%)
Tidying up … @ Fri Sep 28 16:45:39 EDT 2018 (1538167539431)
… end of run

Is it possible to read environment variable using Jmeter? How to properly set it up. Has anyone able to achieve this before? Thanks a lot people!

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

New Xbox games launching this week, from April 28 through May 4 — Towerborne arrives in Xbox Game Pass

DistroWatch Weekly, Issue 1119

BSD Release: OpenBSD 7.7

‘Clair Obscur: Expedition 33’ utterly destroys Square Enix’s gaslighting over Final Fantasy turn-based combat

Is ABC Classification a thing of the past?

Is ABC Classification a thing of the past?

cybercog/laravel-clickhouse

Building Rich Text Editors with React – Tiptap UI Components

New Xbox games launching this week, from April 28 through May 4 — Towerborne arrives in Xbox Game Pass

New Xbox games launching this week, from April 28 through May 4 — Towerborne arrives in Xbox Game Pass

Microsoft tells Windows 10 users to buy Copilot+ AI Windows 11 PC because it’s better

DistroWatch Weekly, Issue 1119

CVE-2025-3998 – CodeAstro Membership Management System SQL Injection Vulnerability

CVE-2025-3996 – TOTOLINK N150RT Cross-Site Scripting Vulnerability

CVE-2025-3706 – 104 Corporation eHRMS Reflected Cross-site Scripting Vulnerability

Zyphra Introduces Zyda Dataset: A 1.3 Trillion Token Dataset for Open Language Modeling

Build Your Own ANI-Powered Search Engine in Minutes

CVE-2025-32984 – NETSCOUT nGeniusONE Stored Cross-Site Scripting (XSS)

FlexTok: Resampling Images into 1D Token Sequences of Flexible Length

Jmeter env custom function doesn’t read environment variable

The Red Door – Bookspotz Chatstories

Hands-on: Windows 11’s new Lock Screen Widget customization with 3rd party apps

Intelligent healthcare assistants: Empowering stakeholders with personalized support and data-driven insights

CVE-2025-3998 – CodeAstro Membership Management System SQL Injection Vulnerability

Related Posts