Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.3 views

CVE-2026-32813

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS6AI score0.00279EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 2:16 a.m.4 views

CVE-2026-32813

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS0.00279EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 2:9 a.m.21 views

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS0.00279EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 2:9 a.m.4 views

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS6AI score0.00279EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/20 2:9 a.m.3 views

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS6AI score0.00279EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 2:9 a.m.12 views

CVE-2026-32813

Admidio CVE-2026-32813 describes a second-order SQL injection in the MyList configuration feature. Versions 5.0.6 and earlier store user-supplied column names, sort directions, and filter conditions in adm_list_columns via prepared statements (safe write), but read these values back and interpola...

8CVSS6AI score0.00279EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:9 a.m.2 views

CVE-2026-32813

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS6AI score0.00279EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.6 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...

6AI score
Exploits0References3Affected Software1
Rows per page
Query Builder