Admidio

18 matches found

added 2023/06/05 4:15 p.m. | 118 views

CVE-2023-3109

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.

6.3 CVSS | 5.4 AI score | 0.0006 EPSS

added 2022/03/19 8:15 a.m. | 97 views

CVE-2022-0991

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.

8.2 CVSS | 7 AI score | 0.00264 EPSS

added 2020/04/24 9:15 p.m. | 96 views

CVE-2020-11004

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQ...

7.7 CVSS | 7.8 AI score | 0.00287 EPSS

added 2022/06/28 1:15 p.m. | 78 views

CVE-2022-23896

Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).

5.4 CVSS | 5.2 AI score | 0.00195 EPSS

added 2023/11/22 3:15 p.m. | 56 views

CVE-2023-47380

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).

6.1 CVSS | 6 AI score | 0.00266 EPSS

added 2021/05/20 5:15 p.m. | 54 views

CVE-2021-32630

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could renam...

9.6 CVSS | 8.7 AI score | 0.00479 EPSS

added 2023/06/23 1:15 p.m. | 53 views

CVE-2023-3303

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

6.4 CVSS | 4.1 AI score | 0.00061 EPSS

added 2017/05/16 10:29 a.m. | 52 views

CVE-2017-8382

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

4.5 CVSS | 4.8 AI score | 0.00645 EPSS

added 2023/07/16 1:15 a.m. | 52 views

CVE-2023-3692

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.

7.2 CVSS | 6.7 AI score | 0.00053 EPSS

added 2023/06/23 1:15 p.m. | 50 views

CVE-2023-3304

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

5.9 CVSS | 5.4 AI score | 0.00066 EPSS

added 2024/07/29 3:15 p.m. | 49 views

CVE-2024-37906

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the /adm_program/modules/ecards/ecard_send.php source file of the Admidio Application. The SQL Injection results in a compromise of the appli...

9.9 CVSS | 9.8 AI score | 0.00211 EPSS

added 2024/10/16 8:15 p.m. | 49 views

CVE-2024-47836

Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.

4.3 CVSS | 4.8 AI score | 0.00297 EPSS

added 2021/12/07 10:15 p.m. | 46 views

CVE-2021-43810

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. T...

8.8 CVSS | 6.2 AI score | 0.62973 EPSS

added 2023/08/06 1:15 a.m. | 45 views

CVE-2023-4190

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.

6.5 CVSS | 6.4 AI score | 0.00418 EPSS

added 2023/06/23 1:15 p.m. | 44 views

CVE-2023-3302

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.

7.8 CVSS | 6.8 AI score | 0.00047 EPSS

added 2024/07/29 3:15 p.m. | 42 views

CVE-2024-38529

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploade...

9 CVSS | 9.2 AI score | 0.00436 EPSS

added 2008/11/24 5:30 p.m. | 35 views

CVE-2008-5209

Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

5 CVSS | 6.6 AI score | 0.01666 EPSS

added 2017/03/05 8:59 p.m. | 35 views

CVE-2017-6492

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

9 CVSS | 7.3 AI score | 0.00471 EPSS