Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
6.6AI Score
0.029EPSS
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
7.2CVSS
7.3AI Score
0.001EPSS
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
4.5CVSS
4.8AI Score
0.004EPSS
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQ...
7.7CVSS
7.8AI Score
0.002EPSS
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could renam...
9.6CVSS
8.5AI Score
0.004EPSS
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. T...
8.8CVSS
5.9AI Score
0.007EPSS
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
7.1CVSS
6.8AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.
5.4CVSS
5.3AI Score
0.001EPSS
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.
7.8CVSS
6.7AI Score
0.001EPSS
3.5CVSS
4.2AI Score
0.001EPSS
5.4CVSS
5.4AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.
7.2CVSS
6.6AI Score
0.001EPSS
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.
6.5CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the /adm_program/modules/ecards/ecard_send.php source file of the Admidio Application. The SQL Injection results in a compromise of the appli...
9.9CVSS
9.8AI Score
0.0004EPSS
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploade...
9CVSS
9.2AI Score
0.0004EPSS