CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-11004

HIGH
7.7
CVSS Severity Score
EPSS Score0.1070%
EPSS Percentile28.82th
Published2020年4月24日
Last Modified2024年11月21日

Vulnerability Description

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13.

Affected Platforms (CPE)

📦
Admidio

Admidio

< 3.3.13

References & Advisories

🔗 https://github.com/Admidio/admidio/commit/ea5d6f114b151ed11ec0ad7cb47bd729e77a874a
🔗 https://github.com/Admidio/admidio/issues/908
🔗 https://github.com/Admidio/admidio/security/advisories/GHSA-qh57-rcff-gx54
🔗 https://github.com/Admidio/admidio/commit/ea5d6f114b151ed11ec0ad7cb47bd729e77a874a
🔗 https://github.com/Admidio/admidio/issues/908
🔗 https://github.com/Admidio/admidio/security/advisories/GHSA-qh57-rcff-gx54

関連する脆弱性情報

CVE-2021-326309.6

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, t...

CVE-2021-438108.8

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerabilit...

CVE-2017-64927.2

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is co...

CVE-2018-253705.3

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by...

CVE-2020-11004 Detail & Impact Analysis | CVSS 7.7 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space