3 matches found
CVE-2026-32813
Admidio has a second-order SQL injection via its list configuration feature. Authenticated users can store arbitrary values in the list configuration (notably in lsc_special_field, lsc_sort, and lsc_filter) which are later interpolated unsafely into SQL during list rendering, enabling data exfilt...
CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
CVE-2026-32813
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...