Admidio
Monthly
Admidio versions prior to 5.0.8 allow authenticated users to bypass CSRF token validation and server-side form validation in the inventory module's item_save endpoint by setting the imported POST parameter to true, enabling unauthorized modification of inventory item data without proper security checks. The vulnerability requires valid authentication but carries moderate impact due to the complete circumvention of two independent security controls.
Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication and affects confidentiality through unauthorized modifications.
Admidio is an open-source user management solution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio is a free open source user management system for websites of organizations and groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQL Injection was discovered in Admidio before version 3.3.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Admidio versions prior to 5.0.8 allow authenticated users to bypass CSRF token validation and server-side form validation in the inventory module's item_save endpoint by setting the imported POST parameter to true, enabling unauthorized modification of inventory item data without proper security checks. The vulnerability requires valid authentication but carries moderate impact due to the complete circumvention of two independent security controls.
Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication and affects confidentiality through unauthorized modifications.
Admidio is an open-source user management solution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Admidio is a free open source user management system for websites of organizations and groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQL Injection was discovered in Admidio before version 3.3.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.