CVE-2021-43810
- EPSS 5.78%
- Veröffentlicht 07.12.2021 22:15:06
- Zuletzt bearbeitet 21.11.2024 06:29:50
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not pr...
CVE-2021-32630
- EPSS 1.56%
- Veröffentlicht 20.05.2021 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:25
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload fea...
CVE-2020-11004
- EPSS 1.48%
- Veröffentlicht 24.04.2020 21:15:13
- Zuletzt bearbeitet 21.11.2024 04:56:33
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL querie...
CVE-2017-8382
- EPSS 2.63%
- Veröffentlicht 16.05.2017 10:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
- EPSS 1.36%
- Veröffentlicht 05.03.2017 20:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
- EPSS 2.76%
- Veröffentlicht 24.11.2008 17:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:28
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.