Admidio
admidio
32 CVEs • 1 product
Products (1)
Click to collapseToggle
Products (1)
Click to collapse
CVEs (32)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. |
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. |
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. |
Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). |
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. |
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs be...Show more |
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via th...Show more |
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET req...Show more |
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. |
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. |
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |