RSS   Vulnerabilities for 'Admidio'   RSS

2020-04-24
 
CVE-2020-11004

CWE-89
 

 
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13.

 
2017-05-16
 
CVE-2017-8382

 

 
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

 
2017-03-05
 
CVE-2017-6492

 

 
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

 
2008-11-24
 
CVE-2008-5209

CWE-22
 

 
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

 


Copyright 2020, cxsecurity.com

 

Back to Top