CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-6492

HIGH
7.2
CVSS Severity Score
EPSS Score0.1810%
EPSS Percentile20.57th
Published2017年3月5日
Last Modified2026年5月13日

Vulnerability Description

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

Affected Platforms (CPE)

📦
Admidio

Admidio

= 3.2.5

References & Advisories

🔗 http://www.securityfocus.com/bid/97034
🔗 https://github.com/hamkovic/Admidio-3.2.5-SQLi
🔗 http://www.securityfocus.com/bid/97034
🔗 https://github.com/hamkovic/Admidio-3.2.5-SQLi

相關漏洞威脅

CVE-2021-326309.6

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, t...

CVE-2021-438108.8

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerabilit...

CVE-2020-110047.7

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without ...

CVE-2018-253705.3

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by...