CVE-2017-6492

HIGH

7.2

CVSS Severity Score

EPSS Score0.1810%

EPSS Percentile20.57th

PublishedMar 5, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

Affected Platforms (CPE)

📦

Admidio

= 3.2.5

References & Advisories

🔗 http://www.securityfocus.com/bid/97034

🔗 https://github.com/hamkovic/Admidio-3.2.5-SQLi

🔗 http://www.securityfocus.com/bid/97034

🔗 https://github.com/hamkovic/Admidio-3.2.5-SQLi

Related Vulnerabilities

CVE-2021-326309.6

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, t...

CVE-2021-438108.8

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerabilit...

CVE-2020-110047.7

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without ...

CVE-2018-253705.3

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by...