Admidio

Admidio

18 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-23896

Exploit
  • EPSS 0.2%
  • Published 28.06.2022 13:15:12
  • Last modified 21.11.2024 06:49:25

Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).

7.1

CVE-2022-0991

Exploit
  • EPSS 0.24%
  • Published 19.03.2022 08:15:06
  • Last modified 21.11.2024 06:39:48

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.

6.1

CVE-2021-43810

  • EPSS 62.97%
  • Published 07.12.2021 22:15:06
  • Last modified 21.11.2024 06:29:50

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not pr...

8.8

CVE-2021-32630

Exploit
  • EPSS 0.48%
  • Published 20.05.2021 17:15:07
  • Last modified 21.11.2024 06:07:25

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload fea...

7.5

CVE-2020-11004

  • EPSS 0.29%
  • Published 24.04.2020 21:15:13
  • Last modified 21.11.2024 04:56:33

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL querie...

4.5

CVE-2017-8382

Exploit
  • EPSS 0.65%
  • Published 16.05.2017 10:29:00
  • Last modified 20.04.2025 01:37:25

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

9

CVE-2017-6492

Exploit
  • EPSS 0.47%
  • Published 05.03.2017 20:59:00
  • Last modified 20.04.2025 01:37:25

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

5

CVE-2008-5209

Exploit
  • EPSS 1.67%
  • Published 24.11.2008 17:30:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.