Admidio

All CVEs

55 total · sorted by risk
  • CVE-2022-23896 · Jun 28, 2022
    risk 0.00 · cvss · epss 0.01

    Admidio version 4.1.2 is affected by stored cross-site scripting (XSS).

  • CVE-2022-0991 · Mar 19, 2022
    risk 0.00 · cvss · epss 0.01

    Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.

  • CVE-2021-43810 · Dec 7, 2021
    risk 0.00 · cvss · epss 0.06

    Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of…

  • CVE-2021-32630 · May 20, 2021
    risk 0.00 · cvss · epss 0.02

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A PHP web shell can be uploaded via the Documents & Files upload feature. Someone with upload…

  • CVE-2020-11004 · Apr 24, 2020
    risk 0.00 · cvss · epss 0.01

    SQL injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation or sanitization, so an attacker can, without logging in, send a GET request with arbitrary SQL queries appended to the cookie…
