Vulnerabilities for 'Admidio'

2017-05-16
 
CVE-2017-8382

 

 
Admidio 3.2.8 has a CSRF vulnerability in adm_program/modules/members/members_function.php, with an impact of deleting arbitrary user accounts.

 
2017-03-05
 
CVE-2017-6492

 

 
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

 
2008-11-24
 
CVE-2008-5209

CWE-22
 

 
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

 


Copyright 2017, cxsecurity.com

 
