Product

admidio

32 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34384
< 5.0.8
Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_user action
4.5 MEDIUM
CVE-2026-34383
< 5.0.8
Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a us
4.3 MEDIUM
CVE-2026-34382
>= 5.0.0 and < 5.0.8
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_
4.6 MEDIUM
CVE-2026-34381
>= 5.0.0 and < 5.0.8
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.ht
7.5 HIGH
CVE-2026-32817
>= 5.0.0 and < 5.0.7
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verif
9.1 CRITICAL
CVE-2026-32813
< 5.0.7
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the
8.0 HIGH
CVE-2026-32812
>= 5.0.0 and < 5.0.7
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata AP
6.8 MEDIUM
CVE-2026-32757
< 5.0.7
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecard_m
5.4 MEDIUM
CVE-2026-32756
< 5.0.7
Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerabi
8.8 HIGH
CVE-2026-32818
>= 5.0.0 and < 5.0.7
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does not verify w
6.5 MEDIUM
CVE-2026-32816
>= 5.0.0 and < 5.0.7
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in
5.7 MEDIUM
CVE-2026-32755
< 5.0.7
Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/pro
5.7 MEDIUM
CVE-2026-30927
< 5.0.6
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_function.php, the event participation
5.4 MEDIUM
CVE-2025-62617
< 4.3.17
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists i
7.2 HIGH
CVE-2024-47836
< 4.3.12
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any un
3.5 LOW
CVE-2024-38529
< 4.3.10
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10,
9.0 CRITICAL
CVE-2024-37906
< 4.3.9
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, t
9.9 CRITICAL
CVE-2023-47380
all versions
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).
6.1 MEDIUM
CVE-2023-4190
< 4.2.11
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.
6.5 MEDIUM
CVE-2023-3692
< 4.2.10
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.
7.2 HIGH
CVE-2023-3304
< 4.2.9
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
5.4 MEDIUM
CVE-2023-3303
< 4.2.9
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
3.5 LOW
CVE-2023-3302
< 4.2.9
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.
7.8 HIGH
CVE-2023-3109
< 4.2.8
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.
5.4 MEDIUM
CVE-2022-23896
< 4.1.3
Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).
5.4 MEDIUM
CVE-2022-0991
< 4.1.9
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
7.1 HIGH
CVE-2021-43810
< 4.0.12
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerabilit
8.8 HIGH
CVE-2021-32630
< 4.0.4
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, t
9.6 CRITICAL
CVE-2020-11004
< 3.3.13
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without
7.7 HIGH
CVE-2017-8382
all versions
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
4.5 MEDIUM
CVE-2017-6492
all versions
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is co
7.2 HIGH
CVE-2008-5209
all versions
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary file
threatengine.sh