Admidio/admidio

This hub aggregates every CVE we track for Admidio/admidio, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Admidio/admidio.

• CVE-2026-32813Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)8.0Mar 20, 2026
• CVE-2026-32812Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint6.8Mar 20, 2026
• CVE-2026-32757Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection5.4Mar 19, 2026
• CVE-2026-32756Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module8.8Mar 19, 2026
• CVE-2026-32755Admidio is Missing CSRF Protection on Role Membership Date Changes5.7Mar 19, 2026
• CVE-2026-30927Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter5.4Mar 9, 2026
• CVE-2025-62617Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality7.2Oct 22, 2025
• CVE-2024-47836Admidio vulnerable to HTML Injection In The Messages Section3.5Oct 16, 2024
• CVE-2024-38529Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment9.0Jul 29, 2024
• CVE-2024-37906Admidio has Blind SQL Injection in ecard_send.php9.9Jul 29, 2024
• CVE-2023-47380Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).6.1Nov 22, 2023
• CVE-2023-4190Insufficient Session Expiration in admidio/admidio6.5Aug 6, 2023
• CVE-2023-3692Unrestricted Upload of File with Dangerous Type in admidio/admidio7.2Jul 16, 2023
• CVE-2023-3304Improper Access Control in admidio/admidio5.4Jun 23, 2023
• CVE-2023-3302Improper Neutralization of Formula Elements in a CSV File in admidio/admidio7.8Jun 23, 2023