Admidio: >> Admidio Security Vulnerabilities
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
CVSS Score
7.2
EPSS Score
0.005
Published
2017-03-05
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVSS Score
5.0
EPSS Score
0.038
Published
2008-11-24
Page 4