4 matches found

CNNVD
added 2026/05/07 12:0 a.m., 3 views

Admidio Information Disclosure Vulnerability

Admidio is an open-source member management system developed by the Admidio team. It supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contain an information disclosure vulnerability. This...

CVSS 2.7, AI score 5.9, EPSS 0.00009
Exploits: 0, References: 1
Github Security Blog
added 2026/04/29 9:47 p.m., 2 views

Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

Summary: The member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY) in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible checks,...

CVSS 2.7, AI score 5.9, EPSS 0.00009
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2025/10/22 4:46 p.m., 5 views

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Summary: An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role, such as an administrator, can exploit this vulnerability to execute arbitrary SQL commands. This can lea...

CVSS 7.2, AI score 8.1, EPSS 0.00045
Exploits: 1, References: 4, Affected Software: 1
Snyk
added 2025/10/22 4:46 p.m., 2 views

SQL Injection

Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to SQL Injection via the filterroluuid parameter in the membersassignmentdata.php process. An attacker can execute arbitrary SQL command...

CVSS 8.6, AI score 8.1, EPSS 0.00045
Exploits: 1, References: 2