Admidio
by Admidio
CVEs (55)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47836 | | | 0.00 | — | 0.00 | | Oct 16, 2024 | Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue. |
| CVE-2024-38529 | | | 0.00 | — | 0.01 | | Jul 29, 2024 | Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the… |
| CVE-2024-37906 | | | 0.00 | — | 0.01 | | Jul 29, 2024 | Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a… |
| CVE-2023-47380 | | | 0.00 | — | 0.01 | | Nov 22, 2023 | Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-4190 | | | 0.00 | — | 0.01 | | Aug 6, 2023 | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. |
| CVE-2023-3692 | | | 0.00 | — | 0.01 | | Jul 16, 2023 | Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. |
| CVE-2023-3304 | | | 0.00 | — | 0.00 | | Jun 23, 2023 | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. |
| CVE-2023-3302 | | | 0.00 | — | 0.00 | | Jun 23, 2023 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. |
| CVE-2023-3303 | | | 0.00 | — | 0.00 | | Jun 23, 2023 | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. |
| CVE-2023-3109 | | | 0.00 | — | 0.00 | | Jun 5, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. |
| CVE-2022-23896 | | | 0.00 | — | 0.01 | | Jun 28, 2022 | Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). |
| CVE-2022-0991 | | | 0.00 | — | 0.01 | | Mar 19, 2022 | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. |
| CVE-2021-43810 | | | 0.00 | — | 0.06 | | Dec 7, 2021 | Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of… |
| CVE-2021-32630 | | | 0.00 | — | 0.02 | | May 20, 2021 | Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload… |
| CVE-2020-11004 | | | 0.00 | — | 0.01 | | Apr 24, 2020 | SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie… |