admidio/admidio Security Advisories for v4.2.7 (18)
- [MEDIUM] Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter
  PKSA-ksvx-vqkf-t9m4 CVE-2026-34383 GHSA-4rwm-c5mj-wh7x
  Affected version: <=5.0.7
  Reported by: GitHub
- [MEDIUM] Admidio has Missing CSRF Protection on Registration Approval Actions
  PKSA-rs6z-52fv-dzjt CVE-2026-34384 GHSA-ph84-r98x-2j22
  Affected version: <5.0.8
  Reported by: GitHub
- [HIGH] Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
  PKSA-gmjw-r3kp-z9vp CVE-2026-32813 GHSA-3x67-4c2c-w45m
  Affected version: <=5.0.6
  Reported by: GitHub
- [MEDIUM] Admidio has an HTMLPurifier Bypass in eCard Message Allows HTML Email Injection
  PKSA-sgr9-nmmb-pbwy CVE-2026-32757 GHSA-4wr4-f2qf-x5wj
  Affected version: <=5.0.6
  Reported by: GitHub
- [MEDIUM] Admidio is Missing CSRF Protection on Role Membership Date Changes
  PKSA-ym3s-c4g7-mjjc CVE-2026-32755 GHSA-h8gr-qwr6-m9gx
  Affected version: <=5.0.6
  Reported by: GitHub
- [HIGH] File Upload(RCE) Vulnerability in admidio
  PKSA-z3z9-x952-96sj CVE-2026-32756 GHSA-95cq-p4w2-32w5
  Affected version: <=5.0.6
  Reported by: GitHub
- [MEDIUM] Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
  PKSA-m5mq-p62f-xpq3 CVE-2026-30927 GHSA-7pfv-hr63-h7cw
  Affected version: <5.0.6
  Reported by: GitHub
- [HIGH] Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
  PKSA-4zpm-2kww-7r27 CVE-2025-62617 GHSA-2v5m-cq9w-fc33
  Affected version: <=4.3.16
  Reported by: GitHub
- [LOW] Admidio Vulnerable to HTML Injection In The Messages Section
  PKSA-8xw4-b9d8-fb13 CVE-2024-47836 GHSA-7c4c-749j-pfp2
  Affected version: <4.3.12
  Reported by: GitHub
- [CRITICAL] Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
  PKSA-pqfh-bz78-27tq CVE-2024-38529 GHSA-g872-jwwr-vggm
  Affected version: <4.3.10
  Reported by: GitHub
- [CRITICAL] Admidio has Blind SQL Injection in ecard_send.php
  PKSA-nkvp-2f2p-3196 CVE-2024-37906 GHSA-69wx-xc6j-28v3
  Affected version: <4.3.9
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in Admidio
  PKSA-k49j-932v-t34f CVE-2023-47380 GHSA-vm4p-gh82-xq96
  Affected version: <4.2.13
  Reported by: GitHub
- [MEDIUM] Admidio Insufficient Session Expiration vulnerability
  PKSA-c3fp-w3nf-kj62 CVE-2023-4190 GHSA-qq8m-9rpx-w2fm
  Affected version: <4.2.11
  Reported by: GitHub
- [MEDIUM] Admidio vulnerable to Unrestricted Upload of File with Dangerous Type
  PKSA-w6r1-b826-krjb CVE-2023-3692 GHSA-q347-jrx8-5pw9
  Affected version: <4.2.10
  Reported by: GitHub
- [MEDIUM] Admidio Improper Access Control vulnerability
  PKSA-mtr3-x9xb-3cfw CVE-2023-3304 GHSA-x3m2-3pwj-8fj4
  Affected version: <4.2.9
  Reported by: GitHub
- [LOW] Admidio Improper Access Control vulnerability
  PKSA-25dz-3t2c-bhjs CVE-2023-3303 GHSA-vmxg-wx6c-4f3r
  Affected version: <4.2.9
  Reported by: GitHub
- [HIGH] Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability
  PKSA-9b3f-d4zs-kq8p CVE-2023-3302 GHSA-hm75-8w6h-4f8f
  Affected version: <4.2.9
  Reported by: GitHub
- [MEDIUM] Admidio vulnerable to Cross-site Scripting
  PKSA-ck49-vc84-zs56 CVE-2023-3109 GHSA-gx4r-fvwg-8678
  Affected version: <4.2.8
  Reported by: GitHub