Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Admidio Security Vulnerabilities

cve
cve

CVE-2023-47380

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting...

6.1CVSS

6.7AI Score

0.001EPSS

2023-11-22 03:15 PM
27
cve
cve

CVE-2023-4190

Insufficient Session Expiration in GitHub repository admidio/admidio prior to...

6.5CVSS

6.4AI Score

0.0005EPSS

2023-08-06 01:15 AM
27
cve
cve

CVE-2023-3692

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to...

6.7CVSS

6.9AI Score

0.001EPSS

2023-07-16 01:15 AM
36
cve
cve

CVE-2023-3304

Improper Access Control in GitHub repository admidio/admidio prior to...

5.9CVSS

5.4AI Score

0.0004EPSS

2023-06-23 01:15 PM
26
cve
cve

CVE-2023-3302

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to...

6.6CVSS

7.6AI Score

0.001EPSS

2023-06-23 01:15 PM
25
cve
cve

CVE-2023-3303

Improper Access Control in GitHub repository admidio/admidio prior to...

6.4CVSS

4AI Score

0.0004EPSS

2023-06-23 01:15 PM
22
cve
cve

CVE-2023-3109

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to...

6.3CVSS

5.3AI Score

0.001EPSS

2023-06-05 04:15 PM
97
cve
cve

CVE-2022-23896

Admidio 4.1.2 version is affected by stored cross-site scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2022-06-28 01:15 PM
54
5
cve
cve

CVE-2022-0991

Insufficient Session Expiration in GitHub repository admidio/admidio prior to...

7.1CVSS

6.8AI Score

0.001EPSS

2022-03-19 08:15 AM
81
cve
cve

CVE-2021-43810

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter......

6.1CVSS

5.8AI Score

0.004EPSS

2021-12-07 10:15 PM
23
5
cve
cve

CVE-2021-32630

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

8.8CVSS

8.6AI Score

0.004EPSS

2021-05-20 05:15 PM
39
2
cve
cve

CVE-2020-11004

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute...

7.5CVSS

8AI Score

0.002EPSS

2020-04-24 09:15 PM
82
cve
cve

CVE-2017-8382

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user...

4.5CVSS

4.8AI Score

0.004EPSS

2017-05-16 10:29 AM
36
cve
cve

CVE-2017-6492

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input...

7.2CVSS

8.7AI Score

0.001EPSS

2017-03-05 08:59 PM
20
cve
cve

CVE-2008-5209

Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file...

6.9AI Score

0.028EPSS

2008-11-24 05:30 PM
21