VYPR

Admidio

All CVEs

55 total · sorted by risk
  • CVE-2017-6492 · High · Mar 5, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

  • CVE-2026-41670 · High · May 7, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without…
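    The standard defence for CVE-2026-41670 is to treat the ACS URL in an AuthnRequest as a hint that must match an endpoint the service provider registered in its metadata, never as a destination in its own right. The block below is an added illustration, not Admidio's code: the SP registry, the AuthnRequest builder and the hypothetical response_destination() function are all constructed for the example.

```python
"""Added example (not Admidio's code): an IdP must not take the
AssertionConsumerServiceURL of an AuthnRequest at face value. The value is
accepted only if it exactly matches an ACS URL registered for the requesting
service provider; the registry and the requests are constructed sample data."""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}

# Constructed SP registry: entity ID -> ACS URLs taken from the SP's metadata.
REGISTERED_SPS = {
    "https://sp.example.org/metadata": {"https://sp.example.org/saml/acs"},
}


def parse_authn_request(xml_text):
    """Return (issuer, acs_url_or_None) from an AuthnRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("missing saml:Issuer")
    return issuer.text.strip(), root.get("AssertionConsumerServiceURL")


def response_destination_flawed(xml_text):
    """The vulnerable pattern: whatever URL the request names is where the
    signed Response carrying the user's assertion will be POSTed."""
    return parse_authn_request(xml_text)[1]


def response_destination(xml_text, registry=REGISTERED_SPS):
    """Use the requested ACS URL only if it is registered for the issuer.
    The comparison is exact: prefix, substring or host-only matching would
    let https://sp.example.org.attacker.example/ or an open redirect on the
    SP slip through."""
    issuer, acs = parse_authn_request(xml_text)
    allowed = registry.get(issuer)
    if not allowed:
        raise ValueError("unknown service provider %r" % issuer)
    if acs is None:
        return min(allowed)  # attribute absent: fall back to a registered ACS
    if acs not in allowed:
        raise ValueError("ACS URL %r is not registered for %r" % (acs, issuer))
    return acs


def build_authn_request(issuer, acs=None):
    """Constructed minimal AuthnRequest used as sample input."""
    root = ET.Element("{%s}AuthnRequest" % SAMLP, {"ID": "_req1", "Version": "2.0"})
    if acs is not None:
        root.set("AssertionConsumerServiceURL", acs)
    ET.SubElement(root, "{%s}Issuer" % SAML).text = issuer
    return ET.tostring(root, encoding="unicode")
```

    Signature validation on the request (the subject of CVE-2026-41669) is a separate gate that has to run before this one and whose result must actually be acted on; the ACS check is about where the response goes, not whether the request is authentic.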

  • CVE-2026-41669 · High · May 7, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call sites (handleSSORequest() line 418 and handleSLORequest() line 613). The method…

  • CVE-2026-34381 · High · Mar 31, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes…

  • CVE-2026-41660 · High · May 7, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including…

  • CVE-2026-47231 · High · May 29, 2026
    risk 0.38 · cvss n/a · epss 0.00

    `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight()` on the URL parameter `folder_uuid`. The `move_save` handler then operates on a *separate* URL parameter `file_uuid` and calls…

  • CVE-2026-42194 · Medium · May 7, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-based URL to curl_init(), leaving a DNS rebinding TOCTOU window that allows…

  • CVE-2026-41671 · Medium · May 7, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {"active": true} for every request, regardless of whether a valid token is provided, whether the token is…
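    An introspection endpoint that answers {"active": true} unconditionally lets any resource server accept any bearer string. RFC 7662 requires the opposite default: the caller must authenticate, and an unknown, expired or revoked token yields {"active": false} with no further detail. The block below is an added illustration, not Admidio's code; the token store, client secrets and fixed clock are constructed.

```python
"""Added example (not Admidio's code): RFC 7662 token introspection that
only reports active=true for a token that exists, is unexpired, unrevoked and
is being queried by an authenticated client. Store and clock are constructed."""
import hashlib
import hmac


def _digest(token):
    # Store only a hash of the token so a database leak does not leak tokens.
    return hashlib.sha256(token.encode()).hexdigest()


NOW = 1_800_000_000  # fixed clock for the constructed data

TOKENS = {  # constructed: sha256(token) -> metadata
    _digest("good-token"): {"client_id": "app1", "sub": "alice", "scope": "openid",
                            "exp": NOW + 600, "revoked": False},
    _digest("expired-token"): {"client_id": "app1", "sub": "bob", "scope": "openid",
                               "exp": NOW - 1, "revoked": False},
    _digest("revoked-token"): {"client_id": "app1", "sub": "carol", "scope": "openid",
                               "exp": NOW + 600, "revoked": True},
}
CLIENT_SECRETS = {"app1": "app1-secret", "rs1": "rs1-secret"}  # constructed


def introspect_flawed(token, client_id, client_secret, now=NOW):
    """The vulnerable behaviour: every caller, every string, is 'active'."""
    return {"active": True}


def introspect(token, client_id, client_secret, now=NOW):
    # The endpoint is for registered resource servers/clients, never anonymous.
    expected = CLIENT_SECRETS.get(client_id)
    if expected is None or not hmac.compare_digest(expected, client_secret or ""):
        raise PermissionError("client authentication failed")  # HTTP 401
    meta = TOKENS.get(_digest(token or ""))
    # RFC 7662 section 2.2: unknown, expired and revoked all collapse to the
    # same minimal answer so the endpoint cannot be used as an oracle.
    if meta is None or meta["revoked"] or meta["exp"] <= now:
        return {"active": False}
    return {"active": True, "client_id": meta["client_id"], "sub": meta["sub"],
            "scope": meta["scope"], "exp": meta["exp"]}
```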

  • CVE-2026-41658 · Medium · May 7, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations (delete, retire, reinstate) only in the UI layer by conditionally rendering buttons. The backend POST handlers at…

  • CVE-2026-41655 · Medium · May 7, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate that the ecard_template POST parameter is a safe filename before passing it to ECard::getEcardTemplate(). An authenticated user can supply a path…

  • CVE-2026-41661 · Medium · May 7, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. The endpoint passes user input through htmlspecialchars(),…

  • CVE-2018-25370 · Medium · May 25, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles,…

  • CVE-2026-41662 · Medium · May 7, 2026
    risk 0.27 · cvss 5.2 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership() contains this safety check, but the…
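    CVE-2026-41660 (an inverted TOTP-reset check) and CVE-2026-41662 (a last-administrator guard that lives only in a deprecated code path) are both single-predicate mistakes that a table-driven test over every actor/target pair catches immediately. The block below is an added illustration, not Admidio's code: the User and Directory types and the policy_matrix() helper are constructed for the example.

```python
"""Added example (not Admidio's code): two authorization predicates in their
flawed and corrected forms, plus a policy-matrix check of the kind that
exposes an inverted condition. Users and memberships are constructed."""
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    is_admin: bool = False


def can_reset_totp_flawed(actor, target):
    # Inverted: a non-admin passes exactly when the target is someone *else*,
    # so ordinary members can wipe other people's second factor but not their own.
    return actor.is_admin or actor.id != target.id


def can_reset_totp(actor, target):
    # Admins may reset anyone; a non-admin may only reset their own.
    return actor.is_admin or actor.id == target.id


ADMIN_ROLE = "Administrator"


@dataclass
class Directory:
    memberships: dict = field(default_factory=dict)  # role -> set of user ids

    def stop_membership_flawed(self, user_id, role):
        self.memberships[role].discard(user_id)

    def stop_membership(self, user_id, role):
        # Invariant enforced in the live code path, not only in a deprecated one:
        # the organisation must always keep at least one administrator.
        if role == ADMIN_ROLE and self.memberships[role] == {user_id}:
            raise PermissionError("cannot remove the last administrator")
        self.memberships[role].discard(user_id)


def policy_matrix(predicate):
    """Evaluate a predicate over every (actor, target) pair of a small
    constructed population and return the pairs it allows. Comparing this
    set with the intended policy is the whole test."""
    admin, alice, bob = User(1, is_admin=True), User(2), User(3)
    users = [admin, alice, bob]
    return {(a.id, t.id) for a in users for t in users if predicate(a, t)}


# Intended policy for the population above: admin -> everyone, others -> self.
EXPECTED_TOTP_POLICY = {(1, 1), (1, 2), (1, 3), (2, 2), (3, 3)}
```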

  • CVE-2026-41657 · Medium · May 7, 2026
    risk 0.25 · cvss 4.9 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers(), requiring only rol_edit_user=true) than the frontend UI (contacts.php) which correctly requires the stronger…

  • CVE-2017-8382 · Medium · May 16, 2017
    risk 0.25 · cvss 4.5 · epss 0.03

    admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

  • CVE-2026-34382 · Medium · Mar 31, 2026
    risk 0.23 · cvss 4.6 · epss 0.00

    Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious…

  • CVE-2026-41656 · Medium · May 7, 2026
    risk 0.22 · cvss 4.5 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type (HTML encoding), allowing path traversal characters (../) to pass through unfiltered. Combined with…

  • CVE-2026-34384 · Medium · Mar 31, 2026
    risk 0.22 · cvss 4.5 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_user action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the delete_user mode in…

  • CVE-2026-34383 · Medium · Mar 31, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An…

  • CVE-2026-41663 · Low · May 7, 2026
    risk 0.16 · cvss 3.5 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies…

  • CVE-2026-41659 · Low · May 7, 2026
    risk 0.11 · cvss 2.7 · epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY) in its SQL search condition regardless of field…

  • CVE-2008-5209 · Nov 24, 2008
    risk 0.03 · cvss n/a · epss 0.03

    Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
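    CVE-2008-5209 (`..` in a download parameter), CVE-2026-41655 (an unvalidated `ecard_template` filename) and CVE-2026-41656 (a `name` parameter that only gets HTML encoding, so `../` passes) are the same defect: a user-supplied name is joined onto a base directory without checking where the result lands. The block below is an added illustration, not Admidio's code; the directory tree, the file names and the symlink are constructed in a temporary directory.

```python
"""Added example (not Admidio's code): resolving a user-supplied file or
template name only inside its base directory. The tree is constructed in a
temp dir; names, paths and the symlink are sample data."""
import os
import re
import tempfile

# Conservative allowlist: one path segment, no leading dot, no separators.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def resolve_flawed(base, name):
    """os.path.join keeps '..' segments and discards base on an absolute name."""
    return os.path.join(base, name)


def resolve_safe(base, name):
    """Two independent checks: the name allowlist, and containment of the
    canonical path (after symlink resolution) within the canonical base.
    HTML encoding, as in the 'string' type check, is not a path check."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("invalid file name: %r" % name)
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes base directory: %r" % name)
    return candidate


def read_template(base, name):
    with open(resolve_safe(base, name), encoding="utf-8") as fh:
        return fh.read()


def make_sample_tree():
    """Constructed layout: <root>/templates/birthday.tpl, plus <root>/config.php
    one level up, which must stay unreachable through the template API."""
    root = tempfile.mkdtemp()
    templates = os.path.join(root, "templates")
    os.mkdir(templates)
    with open(os.path.join(templates, "birthday.tpl"), "w") as fh:
        fh.write("Happy birthday!")
    with open(os.path.join(root, "config.php"), "w") as fh:
        fh.write("<?php $db_password = 'sample';")
    # A symlink inside the base that points outside: it passes the name
    # allowlist and is caught only by the containment check.
    os.symlink(os.path.join(root, "config.php"), os.path.join(templates, "link.tpl"))
    return root, templates
```

    For a fixed set of templates an even tighter option is to map a template id to a filename through a dictionary and never touch the filesystem with user input at all.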

  • CVE-2026-47233 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Commit `d37ca6b27b9674238e58491cf7ba292e66898f15` ("Delete item not check admin rights #2024", 2026-04-12) added a missing `isAdministratorInventory()` gate to `case 'item_delete':` in `modules/inventory.php`. The same fix was not applied to the sibling `case…

  • CVE-2026-47234 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    When debug logging is enabled, `Session::setCookie()` logs full cookie values and `Session::start()` logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the…

  • CVE-2026-47232 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The sensitive `mode=export` action in `modules/sso/keys.php` exports a PKCS#12 bundle containing the configured private key and certificate, but the CSRF validation line is commented out. A forged cross-site POST from an administrator session can therefore trigger…

  • CVE-2026-47230 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    `modules/documents-files.php` mode `file_rename_save` shares the same root-cause shape as the cross-folder move bug (`05-documents-cross-folder-move-idor.md`): the top-level rights check at lines 79-89 validates `hasUploadRight()` on the URL parameter `folder_uuid`,…

  • CVE-2026-47229 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    `modules/sso/clients.php` validates an `adm_csrf_token` on every state-changing branch except `enable`. The `enable` case loads the SAML or OIDC client by UUID, calls `$client->enable($enabled)`, and persists the new state with no token check. Because the action is…

  • CVE-2026-47228 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    `modules/registration.php` mode `send_login` regenerates a random password for `user_uuid_assigned`, stores its bcrypt hash in `adm_users.usr_password`, and emails the cleartext to that user. Every other state-changing mode in the same file (`assign_member`,…

  • CVE-2026-47227 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    `modules/categories.php` checks that the supplied `type` parameter (`ANN`, `EVT`, `ROL`, `USF`, …) corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares…

  • CVE-2026-47226 · May 29, 2026
    risk 0.00 · cvss n/a · epss 0.00

    An authenticated Admidio member with upload rights on **any one folder** can permanently delete files from folders where they have only view access. The authorization check at the top of `modules/documents-files.php` evaluates upload rights against the…

  • CVE-2026-32813 · Mar 20, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied…

  • CVE-2026-32817 · Mar 20, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verify whether the current user has permission to delete folders or files. The folder_delete and file_delete action handlers in…
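    CVE-2026-47231, CVE-2026-47230 and CVE-2026-47226 share one shape: the rights check runs against a `folder_uuid` the client chooses, while the handler then acts on a `file_uuid` that may live anywhere; CVE-2026-32817 is the same class with the check missing entirely. The fix is to load the object first and authorise against the folder it actually belongs to (and, for a move, the destination as well). The block below is an added illustration, not Admidio's code; the DocumentStore class, folders, file and users are constructed.

```python
"""Added example (not Admidio's code): object-level authorization for file
operations, evaluated against the folder that really contains the file
rather than a folder id sent alongside it. All data is constructed."""


class DocumentStore:
    """In-memory stand-in for the folders/files tables."""

    def __init__(self, files, upload_rights):
        self.files = {k: dict(v) for k, v in files.items()}  # file_uuid -> {folder, name}
        self.upload_rights = upload_rights                    # user -> set of folder uuids

    def has_upload_right(self, user, folder):
        return folder in self.upload_rights.get(user, set())

    def _authorised_file(self, user, file_uuid):
        """Load the object, then authorise against the folder it lives in."""
        f = self.files.get(file_uuid)
        if f is None or not self.has_upload_right(user, f["folder"]):
            # One answer for 'missing' and 'forbidden' so UUIDs cannot be probed.
            raise PermissionError("file not found or not permitted")
        return f

    def delete_file_flawed(self, user, folder_uuid, file_uuid):
        """The vulnerable shape: the check and the action use different objects."""
        if not self.has_upload_right(user, folder_uuid):   # client-chosen folder
            raise PermissionError("no upload right on folder")
        del self.files[file_uuid]                            # unrelated file

    def delete_file(self, user, file_uuid):
        self._authorised_file(user, file_uuid)
        del self.files[file_uuid]

    def move_file(self, user, file_uuid, dest_folder):
        f = self._authorised_file(user, file_uuid)           # right on the source
        if not self.has_upload_right(user, dest_folder):      # and on the destination
            raise PermissionError("no upload right on destination folder")
        f["folder"] = dest_folder

    def rename_file(self, user, file_uuid, new_name):
        f = self._authorised_file(user, file_uuid)
        f["name"] = new_name  # name validation (no separators, no '..') belongs here too


# Constructed sample: one private file, one user with rights on the public folder only.
PUBLIC, PRIVATE = "f-public", "f-private"
SAMPLE_FILES = {"doc-1": {"folder": PRIVATE, "name": "board-minutes.pdf"}}
SAMPLE_RIGHTS = {"mallory": {PUBLIC}, "admin": {PUBLIC, PRIVATE}}


def fresh_store():
    return DocumentStore(SAMPLE_FILES, SAMPLE_RIGHTS)
```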

  • CVE-2026-32812 · Mar 20, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endpoint at modules/sso/fetch_metadata.php accepts an arbitrary URL via…
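    CVE-2026-32812 (any URL, including local file reads) and its incomplete fix CVE-2026-42194 (the resolved IP is checked but the hostname is handed to curl, which resolves it again) are the two halves of one defence: restrict the scheme, validate every resolved address, and then connect to the address that was validated rather than to the name. The block below is an added illustration, not Admidio's code; resolution and connection are injectable callables so the rebinding scenario runs offline, and the addresses are sample data.

```python
"""Added example (not Admidio's code): fetching a user-supplied metadata URL
without reaching internal hosts. resolve/connect are injected so the DNS
rebinding case runs offline; addresses are sample data."""
import ipaddress
from urllib.parse import urlsplit


def address_is_public(ip):
    addr = ipaddress.ip_address(ip)
    # is_global is False for loopback, RFC 1918, link-local (169.254.169.254),
    # CGNAT, ULA and documentation ranges; multicast is excluded separately.
    return addr.is_global and not addr.is_multicast


def fetch_flawed(url, resolve, connect):
    """Validates the resolved address, then hands the *hostname* to the HTTP
    client, which resolves it again; the second answer is what gets connected."""
    host = urlsplit(url).hostname
    if not all(address_is_public(ip) for ip in resolve(host)):
        raise ValueError("address not allowed")
    return connect(resolve(host)[0], host)         # second lookup: the TOCTOU window


def fetch_pinned(url, resolve, connect):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):      # rules out file://, gopher://, ...
        raise ValueError("scheme not allowed")
    if parts.username or parts.password or not parts.hostname:
        raise ValueError("malformed URL")
    addrs = resolve(parts.hostname)
    if not addrs or not all(address_is_public(ip) for ip in addrs):
        raise ValueError("address not allowed")
    # Connect to the address that was validated; send the original hostname as
    # Host (and TLS SNI). Any redirect must come back through this function.
    return connect(addrs[0], parts.hostname)


class RebindingResolver:
    """Constructed attacker DNS: a public answer first, loopback afterwards."""

    def __init__(self):
        self.calls = 0

    def __call__(self, host):
        self.calls += 1
        return ["93.184.216.34"] if self.calls == 1 else ["127.0.0.1"]


def record_connect(ip, host):
    """Stand-in for the socket connect: reports where the request would go."""
    return {"ip": ip, "host": host}
```

    With curl the pinning step is CURLOPT_RESOLVE (or CURLOPT_CONNECT_TO) set to the validated address, with CURLOPT_PROTOCOLS limited to HTTP/HTTPS and redirects either disabled or re-validated per hop.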

  • CVE-2026-32757 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecard_message'] value instead of the HTMLPurifier-sanitized $formValues['ecard_message'] when constructing the greeting card HTML. This allows an…

  • CVE-2026-32756 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.01

    Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within…

  • CVE-2026-32818 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topic_delete and post_delete actions in forum.php only validate the…

  • CVE-2026-32816 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groups_roles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The…

  • CVE-2026-32755 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks…
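    The CSRF entries on this page (CVE-2026-41663, CVE-2026-34382, CVE-2026-34384, CVE-2026-34383, CVE-2026-47229, CVE-2026-47232, CVE-2026-47228, CVE-2026-32816, CVE-2026-32755, CVE-2018-25370, CVE-2017-8382) come in three shapes: an action that fires on GET (which SameSite=Lax does not protect, since cookies are still sent on a top-level cross-site navigation), a branch that simply omits the token check, and a request flag that switches the check off. One gate in front of every state-changing mode removes all three. The block below is an added illustration, not Admidio's code; the Session class, the mode names and the hypothetical dispatch() functions are constructed.

```python
"""Added example (not Admidio's code): a single CSRF gate that every
state-changing mode passes through before any branch runs. Session, token
and handlers are constructed."""
import hmac
import secrets


class Session:
    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)  # per session; rotate at login


def _check_token(session, params):
    token = params.get("adm_csrf_token", "")
    if not token or not hmac.compare_digest(token, session.csrf_token):
        raise PermissionError("invalid CSRF token")


def dispatch_flawed(session, method, params):
    """The three patterns the advisories describe, side by side."""
    mode = params.get("mode")
    if mode == "backup":                   # runs on a plain GET: a cross-site
        return "backup started"            # <img src> or link is enough
    if mode == "enable":                   # POST, but this branch never checks
        return "client enabled"
    if mode == "item_save":
        if params.get("imported") != "true":   # client-controlled bypass switch
            _check_token(session, params)
        return "item saved"
    raise ValueError("unknown mode")


STATE_CHANGING = {"backup", "enable", "item_save", "delete"}


def dispatch(session, method, params):
    """Gate first, then branch: no branch and no flag can skip the check."""
    mode = params.get("mode")
    if mode in STATE_CHANGING:
        if method != "POST":
            raise PermissionError("state-changing actions require POST")
        _check_token(session, params)
    if mode == "backup":
        return "backup started"
    if mode == "enable":
        return "client enabled"
    if mode == "item_save":
        return "item saved"
    if mode == "delete":
        return "deleted"
    if mode == "view":
        return "listing"                   # read-only: GET is fine
    raise ValueError("unknown mode")
```

    Keeping the mode list and the gate in one place also makes the check auditable: a new mode that is not in STATE_CHANGING is a review finding, not a silent hole.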

  • CVE-2026-30927 · Mar 9, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_function.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the user_uuid GET parameter. The condition uses ||…

  • CVE-2025-62617 · Oct 22, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an…

  • CVE-2024-47836 · Oct 16, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.

  • CVE-2024-38529 · Jul 29, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the…

  • CVE-2024-37906 · Jul 29, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a…
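    The SQL injection entries on this page fall into two groups: user-supplied values concatenated into a query (CVE-2017-6492, CVE-2024-37906, CVE-2025-62617), which bound parameters fix outright, and user-supplied identifiers such as the column names of a MyList layout (CVE-2026-32813), which cannot be bound and need an allowlist. Deriving that allowlist from the fields the viewer may see also closes the CVE-2026-41659 pattern of hidden fields appearing in a search condition. The block below is an added illustration, not Admidio's code; the schema, rows and permission sets are constructed and SQLite stands in for the real database.

```python
"""Added example (not Admidio's code): bound parameters for user-supplied
values and an allowlist for user-supplied identifiers. Schema, rows and
permission sets are constructed; SQLite stands in for MySQL/PostgreSQL."""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE categories(cat_id INTEGER PRIMARY KEY, cat_name TEXT);
        INSERT INTO categories VALUES (1, 'Meetings'), (2, 'Board only');
        CREATE TABLE users(usr_id INTEGER PRIMARY KEY, last_name TEXT, city TEXT,
                           birthday TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'Adams', 'Berlin', '1980-01-01', '$2y$10$hash1'),
                                 (2, 'Baker', 'Hamburg', '1991-05-05', '$2y$10$hash2');
    """)
    return db


def category_name_flawed(db, cat_id):
    """Concatenation: the parameter can change the shape of the statement."""
    sql = "SELECT cat_name FROM categories WHERE cat_id = " + str(cat_id)
    return [row[0] for row in db.execute(sql)]


def category_name(db, cat_id):
    """Type coercion plus a bound parameter: the value can only ever be an id."""
    return [row[0] for row in db.execute(
        "SELECT cat_name FROM categories WHERE cat_id = ?", (int(cat_id),))]


def member_list(db, columns, search, viewable):
    """Column names cannot be bound, so each is checked against the set of
    fields this viewer may see; that keeps hidden fields out of both the
    SELECT list and the WHERE clause. The search term is bound, with LIKE
    wildcards escaped so '%' cannot turn into 'match everything'."""
    rejected = [c for c in columns if c not in viewable]
    if rejected:
        raise ValueError("column not permitted: %r" % rejected)
    select = ", ".join('"%s"' % c for c in columns)
    where = " OR ".join('"%s" LIKE ? ESCAPE \'\\\'' % c for c in columns)
    pattern = "%" + (search.replace("\\", "\\\\")
                           .replace("%", "\\%")
                           .replace("_", "\\_")) + "%"
    sql = "SELECT %s FROM users WHERE %s ORDER BY usr_id" % (select, where)
    return db.execute(sql, [pattern] * len(columns)).fetchall()
```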

  • CVE-2023-47380 · Nov 22, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).

  • CVE-2023-4190 · Aug 6, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.

  • CVE-2023-3692 · Jul 16, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.

  • CVE-2023-3303 · Jun 23, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

  • CVE-2023-3302 · Jun 23, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.
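    A CSV export of member data is opened in a spreadsheet, and a cell that starts with `=`, `+`, `-`, `@`, a tab or a carriage return is evaluated as a formula there; a member who can edit their own profile can therefore plant a formula that runs in the exporting administrator's spreadsheet. The block below is an added illustration, not Admidio's code, showing the usual neutralisation (a leading single quote plus full quoting); the rows are constructed.

```python
"""Added example (not Admidio's code): neutralising spreadsheet formula
triggers in a CSV export of member data. Rows are constructed."""
import csv
import io

# A cell beginning with one of these is evaluated by Excel/LibreOffice as a
# formula; tab and CR are included because they survive the cell start.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralise_cell(value):
    """Prefix a single quote so the cell is kept as text. Apply this to
    free-text columns only: numeric columns should be exported typed, not
    prefixed, or '-5' stops being a number."""
    text = "" if value is None else str(value)
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_csv(headers, rows):
    """Quote every field so embedded delimiters and quotes stay inside the cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(headers)
    for row in rows:
        writer.writerow([neutralise_cell(v) for v in row])
    return buf.getvalue()
```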

  • CVE-2023-3304 · Jun 23, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

  • CVE-2023-3109 · Jun 5, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.

Page 1 of 2