Skip to main content

Admidio

19 CVEs product

Monthly

CVE-2026-34383 PHP MEDIUM PATCH GHSA This Month

Admidio versions prior to 5.0.8 allow authenticated users to bypass CSRF token validation and server-side form validation in the inventory module's item_save endpoint by setting the imported POST parameter to true, enabling unauthorized modification of inventory item data without proper security checks. The vulnerability requires valid authentication but carries moderate impact due to the complete circumvention of two independent security controls.

CSRF Admidio
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-30927 PHP MEDIUM PATCH This Month

Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication and affects confidentiality through unauthorized modifications.

PHP Authentication Bypass Admidio
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-47836 PHP MEDIUM POC PATCH This Month

Admidio is an open-source user management solution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Admidio
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-38529 PHP HIGH POC PATCH This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-37906 PHP HIGH POC PATCH This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-47380 PHP MEDIUM POC PATCH This Month

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admidio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-4190 PHP MEDIUM POC PATCH This Month

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3692 PHP HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Admidio
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-3304 PHP MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Admidio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3303 PHP LOW POC PATCH Monitor

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Admidio
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2023-3302 PHP HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3109 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Admidio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-23896 PHP MEDIUM POC PATCH This Month

Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admidio
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0991 PHP HIGH POC PATCH This Week

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-43810 MEDIUM POC PATCH This Month

Admidio is a free open source user management system for websites of organizations and groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Admidio
NVD GitHub
CVSS 3.1
6.1
EPSS
5.8%
CVE-2021-32630 HIGH POC This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-11004 HIGH PATCH This Week

SQL Injection was discovered in Admidio before version 3.3.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Admidio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2017-8382 PHP MEDIUM POC PATCH This Month

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF PHP Admidio
NVD GitHub Exploit-DB
CVSS 3.0
4.5
EPSS
0.6%
CVE-2017-6492 HIGH POC This Week

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Admidio
NVD GitHub
CVSS 3.0
7.2
EPSS
0.5%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Admidio versions prior to 5.0.8 allow authenticated users to bypass CSRF token validation and server-side form validation in the inventory module's item_save endpoint by setting the imported POST parameter to true, enabling unauthorized modification of inventory item data without proper security checks. The vulnerability requires valid authentication but carries moderate impact due to the complete circumvention of two independent security controls.

CSRF Admidio
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication and affects confidentiality through unauthorized modifications.

PHP Authentication Bypass Admidio
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Admidio is an open-source user management solution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Admidio
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Admidio
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admidio
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Admidio
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Admidio
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Admidio
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Admidio
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admidio
NVD
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

Admidio is a free open source user management system for websites of organizations and groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Admidio
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Admidio
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

SQL Injection was discovered in Admidio before version 3.3.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Admidio
NVD GitHub
EPSS 1% CVSS 4.5
MEDIUM POC PATCH This Month

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF PHP Admidio
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.2
HIGH POC This Week

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Admidio
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy