2 matches found
CVE-2020-11004
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute...
CVE-2020-11004
CVE-2020-11004 affects Admidio prior to 3.3.13. Root cause: the main cookie parameter is concatenated into a SQL query without input validation, enabling an unauthenticated attacker to append arbitrary SQL via a crafted GET request. Impact is confidentiality. Mitigation is patching to version 3.3...