Admidio

admidio

Vendor: Admidio • 32 CVEs

CVEs (32)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-3304 1Admidio 1Admidio Nov 21, 2024 Jun 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
CVE-2023-3303 1Admidio 1Admidio Nov 21, 2024 Jun 23, 2023 N/A· v4 3.5 LOW· v3 N/A· v2 Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
CVE-2023-3302 1Admidio 1Admidio Nov 21, 2024 Jun 23, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.
CVE-2023-3109 1Admidio 1Admidio Nov 21, 2024 Jun 5, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.
CVE-2022-23896 1Admidio 1Admidio Nov 21, 2024 Jun 28, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).
CVE-2022-0991 1Admidio 1Admidio Nov 21, 2024 Mar 19, 2022 N/A· v4 7.1 HIGH· v3 6.4 MEDIUM· v2 Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
CVE-2021-43810 1Admidio 1Admidio Nov 21, 2024 Dec 7, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs be...Show more Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.Show less
CVE-2021-32630 1Admidio 1Admidio Nov 21, 2024 May 20, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via th...Show more Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could rename the php shell with a .phar extension, visit the file, triggering the payload for a reverse/bind shell. This can be mitigated by excluding a .phar file extension to be uploaded (like you did with .php .phtml .php5 etc). The vulnerability is patched in version 4.0.4.Show less
CVE-2020-11004 1Admidio 1Admidio Nov 21, 2024 Apr 24, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET req...Show more SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13.Show less
CVE-2017-8382 1Admidio 1Admidio May 13, 2026 May 16, 2017 N/A· v4 4.5 MEDIUM· v3 3.5 LOW· v2 admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
CVE-2017-6492 1Admidio 1Admidio May 13, 2026 Mar 5, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
CVE-2008-5209 1Admidio 1Admidio Apr 23, 2026 Nov 24, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Previous 12