Lucene search
K

6 matches found

Snyk
Snyk
added 2026/05/05 8:3 p.m.7 views

Server-side Request Forgery (SSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the fetchmetadata.php process. An attacker can access internal network resources or sensitive clo...

6.9CVSS5.8AI score0.00236EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/29 9:56 p.m.8 views

Improper Verification of Cryptographic Signature

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of SAML signatures in the authentication and logout...

8.8CVSS5.8AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 9:49 p.m.6 views

Incorrect Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization due to an inverted authorization check in the twofactorauthentication.php process. An attacker can remove...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 9:46 p.m.6 views

Missing Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Missing Authorization in the itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesave, and itempicturedelete endpoin...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.1 views

PT-2024-1852 · Basercms · Basercms

Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.0.9 Description: The issue is related to an OS Command Injection vulnerability in the site search feature of baserCMS. This vulnerability can be exploited by a remote attacker to execute arbitrary commands. The...

8.1CVSS8.1AI score0.01455EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.9 views

PT-2023-5707 · Graylog · Graylog

Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 5.0.9 Graylog versions prior to 5.1.3 Description: The issue is related to the incorrect session expiration in a multi-node Graylog cluster. After a user has explicitly logged out, a user session may still be used fo...

3.1CVSS3.6AI score0.00411EPSS
Exploits1References10
Rows per page
Query Builder