admidio — Vulnerabilities & Security Advisories (20)

All 20 CVE vulnerabilities found in admidio, with AI-generated Chinese analysis, references, and POCs.

Vendor: Admidio

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34384 | Admidio: Missing CSRF Protection on Registration Approval Actions | CWE-352 | 4.5 | Medium | 2026-03-31 |
| CVE-2026-34383 | Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter | CWE-20 | 4.3 | Medium | 2026-03-31 |
| CVE-2026-34382 | Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php | CWE-352 | 4.6 | Medium | 2026-03-31 |
| CVE-2026-34381 | Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess | CWE-284 | 7.5 | High | 2026-03-31 |
| CVE-2026-32813 | Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) | CWE-89 | 8.0 | High | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion | CWE-862 | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32812 | Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint | CWE-918 | 6.8 | Medium | 2026-03-20 |
| CVE-2026-32757 | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection | CWE-79 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32756 | Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module | CWE-434 | 8.8 | High | 2026-03-19 |
| CVE-2026-32818 | Admidio is Missing Authorization on Forum Topic and Post Deletion | CWE-862 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions | CWE-352 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-32755 | Admidio is Missing CSRF Protection on Role Membership Date Changes | CWE-352 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-30927 | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | CWE-639 | 5.4 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2025-62617 | Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality | CWE-89 | 7.2 | High | 2025-10-22 |
| CVE-2024-47836 | Admidio vulnerable to HTML Injection In The Messages Section | CWE-502 | 3.5 | Low | 2024-10-16 |
| CVE-2024-38529 | Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment | CWE-434 | 9.1 | Critical | 2024-07-29 |
| CVE-2024-37906 | Admidio has Blind SQL Injection in ecard_send.php | CWE-89 | 10.0 | Critical | 2024-07-29 |
| CVE-2021-43810 | Cross-site Scripting (XSS) when redirect an url | CWE-79 | 8.8 | High | 2021-12-07 |
| CVE-2021-32630 | Various | CWE-434 | 9.6 | Critical | 2021-05-20 |
| CVE-2020-11004 | SQL Injection in Admidio | CWE-89 | 7.7 | High | 2020-04-24 |

All 20 known CVE vulnerabilities affecting admidio with full Chinese analysis, references, and POCs where available.