pkg:Packagist/admidio/admidio

49 CVEs in total: CRITICAL 3, HIGH 10, MEDIUM 31, LOW 4


All known vulnerabilities

  • CRITICAL 9.9 CVE-2024-37906: Admidio has Blind SQL Injection in ecard_send.php
    from 0, < 4.3.9
  • CRITICAL 9.1 CVE-2026-32817: Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion
    >= 5.0.0, < 5.0.7
  • CRITICAL 9.0 CVE-2024-38529: Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
    from 0, < 4.3.10
  • HIGH 8.8 CVE-2026-32756: File Upload (RCE) Vulnerability in admidio
    from 0, < 5.0.7
  • HIGH 8.2 CVE-2026-41670: Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest
    from 0, < 5.0.9
  • HIGH 8.2 CVE-2026-41669: Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests
    from 0, < 5.0.9
  • HIGH 8.2 CVE-2022-0991: Insufficient Session Expiration in Admidio
    from 0, < 4.1.9
  • HIGH 8.1 CVE-2026-47231: Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
    from 0, < 5.0.10
  • HIGH 8.0 CVE-2026-32813: Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
    from 0, < 5.0.7
  • HIGH 7.5 CVE-2026-34381: Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
    >= 5.0.0, < 5.0.8
  • HIGH 7.3 CVE-2023-3302: Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability
    from 0, < 4.2.9
  • HIGH 7.2 CVE-2025-62617: Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
    from 0, < 4.3.17
  • HIGH 7.1 CVE-2026-41660: Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP
    from 0, < 5.0.9
  • MEDIUM 6.8 CVE-2026-42194: Admidio has an incomplete fix for CVE-2026-32812 (SSRF)
    from 0, < 5.0.9
  • MEDIUM 6.8 CVE-2026-41671: Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation
    from 0, < 5.0.9
  • MEDIUM 6.8 CVE-2026-32812: Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint
    >= 5.0.0, < 5.0.7
  • MEDIUM 6.7 CVE-2023-3692: Admidio vulnerable to Unrestricted Upload of File with Dangerous Type
    from 0, < 4.2.10
  • MEDIUM 6.5 CVE-2026-47233: Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
    from 0, < 5.0.10
  • MEDIUM 6.5 CVE-2026-47230: Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
    from 0, < 5.0.10
  • MEDIUM 6.5 CVE-2026-47227: Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
    from 0, < 5.0.10
  • MEDIUM 6.5 CVE-2026-47226: Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
    from 0, < 5.0.10
  • MEDIUM 6.5 CVE-2026-41658: Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items
    from 0, < 5.0.9
  • MEDIUM 6.5 CVE-2026-41655: Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials
    from 0, < 5.0.9
  • MEDIUM 6.5 CVE-2026-32818: Admidio is Missing Authorization on Forum Topic and Post Deletion
    >= 5.0.0, < 5.0.7
  • MEDIUM 6.5 CVE-2023-4190: Admidio Insufficient Session Expiration vulnerability
    from 0, < 4.2.11
  • MEDIUM 6.3 CVE-2023-3109: Admidio vulnerable to Cross-site Scripting
    from 0, < 4.2.8
  • MEDIUM 6.1 CVE-2026-41661: Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion
    from 0, < 5.0.9
  • MEDIUM 6.1 CVE-2023-47380: Cross-site Scripting in Admidio
    from 0, < 4.2.13
  • MEDIUM 5.7 CVE-2026-32755: Admidio is Missing CSRF Protection on Role Membership Date Changes
    from 0, < 5.0.7
  • MEDIUM 5.7 CVE-2026-32816: Admidio is Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions
    >= 5.0.0, < 5.0.7
  • MEDIUM 5.4 CVE-2026-47229: Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
    from 0, < 5.0.10
  • MEDIUM 5.4 CVE-2026-32757: Admidio has an HTMLPurifier Bypass in eCard Message that Allows HTML Email Injection
    from 0, < 5.0.7
  • MEDIUM 5.4 CVE-2023-3304: Admidio Improper Access Control vulnerability
    from 0, < 4.2.9
  • MEDIUM 5.4 CVE-2022-23896: Cross-site Scripting in admidio
    from 0, < 4.1.3
  • MEDIUM 5.2 CVE-2026-47228: Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
    from 0, < 5.0.10
  • MEDIUM 5.2 CVE-2026-41662: Admidio Missing Minimum Administrator Check in Role Membership Removal
    from 0, < 5.0.9
  • MEDIUM 4.9 CVE-2026-41657: Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php
    from 0, < 5.0.9
  • MEDIUM 4.6 CVE-2026-34382: Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php
    >= 5.0.0, < 5.0.8
  • MEDIUM 4.5 CVE-2026-41656: Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read
    from 0, < 5.0.9
  • MEDIUM 4.5 CVE-2026-34384: Admidio has Missing CSRF Protection on Registration Approval Actions
    from 0, < 5.0.8
  • MEDIUM 4.5 CVE-2017-8382: admidio CSRF Vulnerability
    from 0, < 4.1-Beta.1
  • MEDIUM 4.4 CVE-2026-47234: Admidio writes session IDs and auto-login cookie values to application logs
    from 0, < 5.0.10
  • MEDIUM 4.3 CVE-2026-47232: Admidio PKCS#12 private key export action lacks CSRF protection
    from 0, < 5.0.10
  • MEDIUM 4.3 CVE-2026-34383: Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter
    from 0, < 5.0.8
  • LOW 3.5 CVE-2026-41663: Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send
    from 0, < 5.0.9
  • LOW 3.5 CVE-2024-47836: Admidio Vulnerable to HTML Injection in the Messages Section
    from 0, < 4.3.12
  • LOW 3.5 CVE-2023-3303: Admidio Improper Access Control vulnerability
    from 0, < 4.2.9
  • LOW 2.7 CVE-2026-41659: Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment
    from 0, < 5.0.9
  • NONE 0.0 CVE-2026-30927: Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
    from 0, < 5.0.6