) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:admidio:admidio:1.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-4190 |
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. Published: August 05, 2023; 9:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-3692 |
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Published: July 15, 2023; 9:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2023-3304 |
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Published: June 23, 2023; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-3303 |
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Published: June 23, 2023; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 3.5 LOW V2.0:(not available) |
| CVE-2023-3302 |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. Published: June 23, 2023; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2023-3109 |
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. Published: June 05, 2023; 12:15:09 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-23896 |
Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Published: June 28, 2022; 9:15:12 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-0991 |
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. Published: March 19, 2022; 4:15:06 AM -0400 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0: 6.4 MEDIUM |
| CVE-2021-43810 |
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12. Published: December 07, 2021; 5:15:06 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-32630 |
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could rename the php shell with a .phar extension, visit the file, triggering the payload for a reverse/bind shell. This can be mitigated by excluding a .phar file extension to be uploaded (like you did with .php .phtml .php5 etc). The vulnerability is patched in version 4.0.4. Published: May 20, 2021; 1:15:07 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-11004 |
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. Published: April 24, 2020; 5:15:13 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |