Cross-site Request Forgery (CSRF)
Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the savemembership process. An attacker can alter membership start and end dates for any member of...
GHSA-2V5M-CQ9W-FC33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
Summary: An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role, such as an administrator, can exploit this vulnerability to execute arbitrary SQL commands. This can lea...
EUVD-2020-3398
Malware in sbrugna...
CVE-2024-47836 Admidio vulnerable to HTML Injection In The Messages Section
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue...
CVE-2023-47380
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS)...
CVE-2023-47380
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS)...
PT-2023-25739 · Admidio · Admidio
Name of the Vulnerable Software and Affected Versions: admidio/admidio versions prior to 4.2.10. Description: The issue concerns an unrestricted upload of files with dangerous types. This could potentially allow attackers to upload malicious files, posing a security risk. Recommendations: For...
GHSA-VMXG-WX6C-4F3R Admidio Improper Access Control vulnerability
Admidio prior to 4.2.9 is vulnerable to Improper Access Control...