11 matches found
CVE-2026-41655
Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...
CVE-2026-41655 Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials
Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...
CVE-2026-41655
Summary of CVE-2026-41655 (Admidio) : The vulnerability is a path traversal in the ecard_preview.php endpoint. Before version 5.0.9, the ecard_template parameter is not validated as a safe filename, allowing an authenticated user to craft paths like ../config.php to read arbitrary files accessibl...
CVE-2026-41655
Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...
CVE-2026-41655 Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials
Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...
EUVD-2026-28263
Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...
Admidio 路径遍历漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...
Directory Traversal
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Directory Traversal via the ecardpreview.php process. An attacker can access arbitrary files on the server, including sensitive...
Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials
Summary The ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g., ../config.php to read arbitrary files accessible to the web server process...
GHSA-M3VP-3JJM-GPMX Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials
Summary The ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g., ../config.php to read arbitrary files accessible to the web server process...
PT-2026-37139
Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description The 'ecard preview.php' endpoint fails to validate that the ecard template POST parameter is a safe filename before it is processed by the getEcardTemplate function. An authenticated user can exploit...