
Admidio — Vulnerabilities & Security Advisories (34)

All 34 CVE vulnerabilities found in Admidio, with AI-generated Chinese analysis, references, and POCs.

This page catalogs known security vulnerabilities within the Admidio web application, specifically categorized under the weakness type associated with identity and access management systems. The collection aggregates reported security issues affecting various versions of Admidio, encompassing a broad timeline of discoveries and official patches released over the past several years. It includes diverse flaw categories such as cross-site scripting, SQL injection, and improper access control mechanisms that have been documented by researchers and the vendor community. Visitors to this page can systematically track Admidio’s vendor advisories to stay informed about emerging threats and recommended mitigations. Users may also deepen their understanding of specific weakness classes by examining how they manifest within this particular software environment, providing context on attack vectors and potential impacts. Additionally, the page serves as a comprehensive reference for looking up a product’s vulnerability history, allowing security professionals, developers, and system administrators to audit past incidents and assess the long-term security posture of the Admidio platform. By consolidating these details into a single view, the page facilitates efficient risk assessment and helps stakeholders make informed decisions regarding upgrades, configuration changes, or remediation efforts without needing to search multiple disparate sources for fragmented information.

Vendor: Admidio

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2018-25370 | Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php | CWE-352 | 5.3 | Medium | 2026-05-25 |
| CVE-2026-42194 | Incomplete fix for CVE-2026-32812: SSRF in admidio | CWE-918 | 6.8 | Medium | 2026-05-07 |
| CVE-2026-41671 | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation | CWE-287 | 6.8 | Medium | 2026-05-07 |
| CVE-2026-41670 | Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest | CWE-20 | 8.2 | High | 2026-05-07 |
| CVE-2026-41669 | Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed | CWE-347 | 8.2 | High | 2026-05-07 |
| CVE-2026-41663 | Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send | CWE-352 | 3.5 | Low | 2026-05-07 |
| CVE-2026-41662 | Admidio: Missing Minimum Administrator Check in Role Membership Removal | CWE-754 | 5.2 | Medium | 2026-05-07 |
| CVE-2026-41661 | Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion | CWE-79 | 6.1 | Medium | 2026-05-07 |
| CVE-2026-41660 | Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP | CWE-863 | 7.1 | High | 2026-05-07 |
| CVE-2026-41659 | Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment | CWE-200 | 2.7 | Low | 2026-05-07 |
| CVE-2026-41658 | Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items | CWE-862 | 6.5 | Medium | 2026-05-07 |
| CVE-2026-41657 | Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php | CWE-863 | 4.9 | Medium | 2026-05-07 |
| CVE-2026-41656 | Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read | CWE-22 | 4.5 | Medium | 2026-05-07 |
| CVE-2026-41655 | Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials | CWE-22 | 6.5 | Medium | 2026-05-07 |
| CVE-2026-34384 | Admidio: Missing CSRF Protection on Registration Approval Actions | CWE-352 | 4.5 | Medium | 2026-03-31 |
| CVE-2026-34383 | Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter | CWE-20 | 4.3 | Medium | 2026-03-31 |
| CVE-2026-34382 | Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php | CWE-352 | 4.6 | Medium | 2026-03-31 |
| CVE-2026-34381 | Admidio: Unauthenticated Access to Role-Restricted Documents via Neutralized .htaccess | CWE-284 | 7.5 | High | 2026-03-31 |
| CVE-2026-32813 | Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) | CWE-89 | 8.0 | High | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion | CWE-862 | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32812 | Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint | CWE-918 | 6.8 | Medium | 2026-03-20 |
| CVE-2026-32757 | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection | CWE-79 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32756 | Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module | CWE-434 | 8.8 | High | 2026-03-19 |
| CVE-2026-32818 | Admidio is Missing Authorization on Forum Topic and Post Deletion | CWE-862 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions | CWE-352 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-32755 | Admidio is Missing CSRF Protection on Role Membership Date Changes | CWE-352 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-30927 | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | CWE-639 | 5.4 (AI-estimated) | Medium (AI-estimated) | 2026-03-09 |
| CVE-2025-62617 | Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality | CWE-89 | 7.2 | High | 2025-10-22 |
| CVE-2024-47836 | Admidio vulnerable to HTML Injection In The Messages Section | CWE-502 | 3.5 | Low | 2024-10-16 |
| CVE-2024-38529 | Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment | CWE-434 | 9.1 | Critical | 2024-07-29 |
