CVE-2026-41659

CVE-2026-41659 (Admidio) : The Admidio member assignment data endpoint before 5.0.9 includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY) in the SQL search condition, regardless of visibility settings. While JSON output hides these fields, the server-side search runs on the h...

CVE-2026-41659 Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

GHSA-68PR-7PRH-MPV4 Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

Summary The member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible checks,...

CVE-2025-62617 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

CVE-2025-62617 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

CVE-2025-62617 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

EUVD-2025-35595

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

GHSA-2V5M-CQ9W-FC33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Summary An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lea...

Admidio SQL注入漏洞

Admidio is an open source member management system from the Admidio team. The system supports features such as member lists, event management, guestbooks, photo albums and downloads. A SQL injection vulnerability exists in Admidio versions prior to 4.3.17, which stems from a SQL injection in the...

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a...

EUVD-2022-36126

Malicious code in bioql PyPI...

CVE-2022-33069

Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment at SMTEncoder.cpp...