VYPR

Admidio

by Admidio

CVEs (55)

  • CVE-2024-47836 (Oct 16, 2024)
    risk 0.00 cvss epss 0.00

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.

  • CVE-2024-38529 (Jul 29, 2024)
    risk 0.00 cvss epss 0.01

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the…

  • CVE-2024-37906 (Jul 29, 2024)
    risk 0.00 cvss epss 0.01

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a…

  • CVE-2023-47380 (Nov 22, 2023)
    risk 0.00 cvss epss 0.01

    Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).

  • CVE-2023-4190 (Aug 6, 2023)
    risk 0.00 cvss epss 0.01

    Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.

  • CVE-2023-3692 (Jul 16, 2023)
    risk 0.00 cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.

  • CVE-2023-3304 (Jun 23, 2023)
    risk 0.00 cvss epss 0.00

    Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

  • CVE-2023-3302 (Jun 23, 2023)
    risk 0.00 cvss epss 0.00

    Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.

  • CVE-2023-3303 (Jun 23, 2023)
    risk 0.00 cvss epss 0.00

    Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

  • CVE-2023-3109 (Jun 5, 2023)
    risk 0.00 cvss epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.

  • CVE-2022-23896 (Jun 28, 2022)
    risk 0.00 cvss epss 0.01

    Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).

  • CVE-2022-0991 (Mar 19, 2022)
    risk 0.00 cvss epss 0.01

    Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.

  • CVE-2021-43810 (Dec 7, 2021)
    risk 0.00 cvss epss 0.06

    Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of…

  • CVE-2021-32630 (May 20, 2021)
    risk 0.00 cvss epss 0.02

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload…

  • CVE-2020-11004 (Apr 24, 2020)
    risk 0.00 cvss epss 0.01

    SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization; thus an attacker, without logging in, can send a GET request with arbitrary SQL queries appended to the cookie…