Vendor CVEs
Admidio
All CVEs
55 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23896 | | | 0.00 | — | 0.01 | | Jun 28, 2022 | Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). |
| CVE-2022-0991 | | | 0.00 | — | 0.01 | | Mar 19, 2022 | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. |
| CVE-2021-43810 | | | 0.00 | — | 0.06 | | Dec 7, 2021 | Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of… |
| CVE-2021-32630 | | | 0.00 | — | 0.02 | | May 20, 2021 | Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload… |
| CVE-2020-11004 | | | 0.00 | — | 0.01 | | Apr 24, 2020 | SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie… |