Vulnerabilities in admidio
41 results

CVE | Severity | Title | EPSS
CVE-2026-41657 | MEDIUM | Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php | EPSS 0.3%
CVE-2026-41655 | MEDIUM | Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials | EPSS 0.3%
CVE-2026-41660 | HIGH | Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP | EPSS 0.3%
CVE-2026-41662 | MEDIUM | Admidio: Missing Minimum Administrator Check in Role Membership Removal | EPSS 0.3%
CVE-2026-41670 | HIGH | Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest | EPSS 0.3%
CVE-2026-32813 | HIGH | Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) | EPSS 0.3%
CVE-2026-41659 | LOW | Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment | EPSS 0.3%
CVE-2026-30927 | MEDIUM | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | EPSS 0.3%
CVE-2026-42194 | MEDIUM | Incomplete fix for CVE-2026-32812: SSRF in admidio | EPSS 0.2%
CVE-2026-41658 | MEDIUM | Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items | EPSS 0.2%
CVE-2026-32757 | MEDIUM | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection | EPSS 0.2%
CVE-2026-32818 | MEDIUM | Admidio is Missing Authorization on Forum Topic and Post Deletion | EPSS 0.2%
CVE-2018-25370 | MEDIUM | Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php | EPSS 0.2%
CVE-2026-41669 | HIGH | Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed | EPSS 0.2%
CVE-2026-41661 | MEDIUM | Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion | EPSS 0.2%
CVE-2026-34384 | MEDIUM | Admidio: Missing CSRF Protection on Registration Approval Actions | EPSS 0.2%
CVE-2026-32755 | MEDIUM | Admidio is Missing CSRF Protection on Role Membership Date Changes | EPSS 0.1%
CVE-2026-34383 | MEDIUM | Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter | EPSS 0.1%
CVE-2026-32816 | MEDIUM | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions | EPSS 0.1%
CVE-2026-34382 | MEDIUM | Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php | EPSS 0.1%