Admidio — Vulnerabilities & Security Advisories (27)

Browse all 27 CVE security advisories affecting Admidio. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products (Admidio): admidio, admidio/admidio
| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-34384 | Admidio: Missing CSRF Protection on Registration Approval Actions | admidio | CWE-352 | 4.5 | Medium | 2026-03-31 |
| CVE-2026-34383 | Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter | admidio | CWE-20 | 4.3 | Medium | 2026-03-31 |
| CVE-2026-34382 | Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php | admidio | CWE-352 | 4.6 | Medium | 2026-03-31 |
| CVE-2026-34381 | Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess | admidio | CWE-284 | 7.5 | High | 2026-03-31 |
| CVE-2026-32813 | Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) | admidio | CWE-89 | 8.0 | High | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion | admidio | CWE-862 | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32812 | Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint | admidio | CWE-918 | 6.8 | Medium | 2026-03-20 |
| CVE-2026-32757 | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection | admidio | CWE-79 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32756 | Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module | admidio | CWE-434 | 8.8 | High | 2026-03-19 |
| CVE-2026-32818 | Admidio is Missing Authorization on Forum Topic and Post Deletion | admidio | CWE-862 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions | admidio | CWE-352 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-32755 | Admidio is Missing CSRF Protection on Role Membership Date Changes | admidio | CWE-352 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-30927 | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | admidio | CWE-639 | 5.4 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2025-62617 | Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality | admidio | CWE-89 | 7.2 | High | 2025-10-22 |
| CVE-2024-47836 | Admidio vulnerable to HTML Injection In The Messages Section | admidio | CWE-502 | 3.5 | Low | 2024-10-16 |
| CVE-2024-38529 | Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment | admidio | CWE-434 | 9.1 | Critical | 2024-07-29 |
| CVE-2024-37906 | Admidio has Blind SQL Injection in ecard_send.php | admidio | CWE-89 | 10.0 | Critical | 2024-07-29 |
| CVE-2023-4190 | Insufficient Session Expiration in admidio/admidio | admidio/admidio | CWE-613 | 8.3 | - | 2023-08-06 |
| CVE-2023-3692 | Unrestricted Upload of File with Dangerous Type in admidio/admidio | admidio/admidio | CWE-434 | 8.8 | - | 2023-07-16 |
| CVE-2023-3302 | Improper Neutralization of Formula Elements in a CSV File in admidio/admidio | admidio/admidio | CWE-1236 | 8.0 | - | 2023-06-23 |
| CVE-2023-3303 | Improper Access Control in admidio/admidio | admidio/admidio | CWE-284 | 5.4 | - | 2023-06-23 |
| CVE-2023-3304 | Improper Access Control in admidio/admidio | admidio/admidio | CWE-284 | 5.4 | - | 2023-06-23 |
| CVE-2023-3109 | Cross-site Scripting (XSS) - Stored in admidio/admidio | admidio/admidio | CWE-79 | 5.4 | - | 2023-06-05 |
| CVE-2022-0991 | Insufficient Session Expiration in admidio/admidio | admidio/admidio | CWE-613 | 7.2 | - | 2022-03-19 |
| CVE-2021-43810 | Cross-site Scripting (XSS) when redirect an url | admidio | CWE-79 | 8.8 | High | 2021-12-07 |
| CVE-2021-32630 | Various | admidio | CWE-434 | 9.6 | Critical | 2021-05-20 |
| CVE-2020-11004 | SQL Injection in Admidio | admidio | CWE-89 | 7.7 | High | 2020-04-24 |

This page lists every published CVE security advisory associated with Admidio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.