CVE-2024-37906

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-89
View all →

Vulnerability Description

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9.

Related Vulnerabilities

CVE-2007-10003

HIGH
CVSS:8.8(High)

A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the com...

CWE-892007

CVE-2010-3662

HIGH
CVSS:8.8(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

CWE-892010

CVE-2011-0467

HIGH
CVSS:8.8(High)

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected ...

CWE-892011

CVE-2012-4383

HIGH
CVSS:8.8(High)

contao prior to 2.11.4 has a sql injection vulnerability

CWE-892012

CVE-2013-3638

HIGH
CVSS:8.8(High)

SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.

CWE-892013