admidio/admidio Security Advisories for v4.2.12 (12)
- [MEDIUM] Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter
  PKSA-ksvx-vqkf-t9m4 CVE-2026-34383 GHSA-4rwm-c5mj-wh7x
  Affected version: <=5.0.7
  Reported by: GitHub
- [MEDIUM] Admidio has Missing CSRF Protection on Registration Approval Actions
  PKSA-rs6z-52fv-dzjt CVE-2026-34384 GHSA-ph84-r98x-2j22
  Affected version: <5.0.8
  Reported by: GitHub
- [HIGH] Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
  PKSA-gmjw-r3kp-z9vp CVE-2026-32813 GHSA-3x67-4c2c-w45m
  Affected version: <=5.0.6
  Reported by: GitHub
- [MEDIUM] Admidio has an HTMLPurifier Bypass in eCard Message Allows HTML Email Injection
  PKSA-sgr9-nmmb-pbwy CVE-2026-32757 GHSA-4wr4-f2qf-x5wj
  Affected version: <=5.0.6
  Reported by: GitHub
- [MEDIUM] Admidio is Missing CSRF Protection on Role Membership Date Changes
  PKSA-ym3s-c4g7-mjjc CVE-2026-32755 GHSA-h8gr-qwr6-m9gx
  Affected version: <=5.0.6
  Reported by: GitHub
- [HIGH] File Upload(RCE) Vulnerability in admidio
  PKSA-z3z9-x952-96sj CVE-2026-32756 GHSA-95cq-p4w2-32w5
  Affected version: <=5.0.6
  Reported by: GitHub
- [MEDIUM] Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
  PKSA-m5mq-p62f-xpq3 CVE-2026-30927 GHSA-7pfv-hr63-h7cw
  Affected version: <5.0.6
  Reported by: GitHub
- [HIGH] Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
  PKSA-4zpm-2kww-7r27 CVE-2025-62617 GHSA-2v5m-cq9w-fc33
  Affected version: <=4.3.16
  Reported by: GitHub
- [LOW] Admidio Vulnerable to HTML Injection In The Messages Section
  PKSA-8xw4-b9d8-fb13 CVE-2024-47836 GHSA-7c4c-749j-pfp2
  Affected version: <4.3.12
  Reported by: GitHub
- [CRITICAL] Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
  PKSA-pqfh-bz78-27tq CVE-2024-38529 GHSA-g872-jwwr-vggm
  Affected version: <4.3.10
  Reported by: GitHub
- [CRITICAL] Admidio has Blind SQL Injection in ecard_send.php
  PKSA-nkvp-2f2p-3196 CVE-2024-37906 GHSA-69wx-xc6j-28v3
  Affected version: <4.3.9
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in Admidio
  PKSA-k49j-932v-t34f CVE-2023-47380 GHSA-vm4p-gh82-xq96
  Affected version: <4.2.13
  Reported by: GitHub