VYPR
Unrated severityNVD Advisory· Published Apr 24, 2020· Updated Aug 4, 2024

SQL Injection in Admidio

CVE-2020-11004

Description

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Admidio/Admidiollm-fuzzy2 versions
    <3.3.13+ 1 more
    • (no CPE)range: <3.3.13
    • (no CPE)range: < 3.3.13

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.