{"url":"http://public2.vulnerablecode.io/api/packages/545254?format=json","purl":"pkg:composer/admidio/admidio@4.1.0","type":"composer","namespace":"admidio","name":"admidio","version":"4.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.10","latest_non_vulnerable_version":"5.0.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151805?format=json","vulnerability_id":"VCID-19r9-6x29-sub9","summary":"Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3304","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25287","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25274","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2507","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25268","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3304"},{"reference_url":"https://github.com/admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3304","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3304"},{"reference_url":"https://github.com/admidio/admidio/commit/3b248b7d5e0e60a00ee2f9a6908d538d62a5837f"
,"reference_id":"3b248b7d5e0e60a00ee2f9a6908d538d62a5837f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T19:57:17Z/"}],"url":"https://github.com/admidio/admidio/commit/3b248b7d5e0e60a00ee2f9a6908d538d62a5837f"},{"reference_url":"https://huntr.dev/bounties/721fae61-3c8c-4e4b-8407-64321bc0ed17","reference_id":"721fae61-3c8c-4e4b-8407-64321bc0ed17","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T19:57:17Z/"}],"url":"https://huntr.dev/bounties/721fae61-3c8c-4e4b-8407-64321bc0ed17"},{"reference_url":"https://github.com/advisories/GHSA-x3m2-3pwj-8fj4","reference_id":"GHSA-x3m2-3pwj-8fj4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3m2-3pwj-8fj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381659?format=json","purl":"pkg:composer/admidio/admidio@4.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-4d48-2hr3-3qca"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vuln
erability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-w7cg-3v9u-9qgc"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"},{"vulnerability":"VCID-z3uj-c5x9-pfct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.2.9"}],"aliases":["CVE-2023-3304","GHSA-x3m2-3pwj-8fj4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19r9-6x29-sub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77294?format=json","vulnerability_id":"VCID-1fvb-v93b-5yex","summary":"Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop_membership and remove_former_membership against the CSRF token but omits save_membership from that check. Because membership UUIDs appear in the HTML source visible to authenticated users, an attacker can embed a crafted POST form on any external page and trick a role leader into submitting it, silently altering membership dates for any member of roles the victim leads. 
A role leader's session can be silently exploited via CSRF to manipulate any member's membership dates, terminating access by backdating, covertly extending unauthorized access, or revoking role-restricted features, all without confirmation, notification, or administrative approval. This issue has been fixed in version 5.0.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32755","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00902","published_at":"2026-06-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00905","published_at":"2026-06-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00899","published_at":"2026-06-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00896","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32755"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32755","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32755"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx","reference_id":"GHSA-h8gr-qwr6-m9gx","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements"
:""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:51:16Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx"},{"reference_url":"https://github.com/advisories/GHSA-h8gr-qwr6-m9gx","reference_id":"GHSA-h8gr-qwr6-m9gx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8gr-qwr6-m9gx"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.7","reference_id":"v5.0.7","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:51:16Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374511?format=json","purl":"pkg:composer/admidio/admidio@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7zeb-8ehx-2fds"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-ftut-2x4f-gfan"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/
admidio/admidio@5.0.7"}],"aliases":["CVE-2026-32755","GHSA-h8gr-qwr6-m9gx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fvb-v93b-5yex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66477?format=json","vulnerability_id":"VCID-2v7e-7ztp-7bce","summary":"Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_function.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the user_uuid GET parameter. The condition uses || (OR), meaning if possibleToParticipate() returns true (event is open for participation), ANY user - not just leaders - can specify a different user_uuid and register/cancel participation for that user. The code then operates on $user->getValue('usr_id') (the target user from user_uuid) rather than the current user. This vulnerability is fixed in 5.0.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30927","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05399","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05407","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05416","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05421","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30927"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scor
ing_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://github.com/Admidio/admidio/issues/1985","reference_id":"1985","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:55:23Z/"}],"url":"https://github.com/Admidio/admidio/issues/1985"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30927","reference_id":"CVE-2026-30927","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30927"},{"reference_url":"https://github.com/Admidio/admidio/commit/e47f70cc3cbcdb39635fdbaaef02d19f604b8c3e","reference_id":"e47f70cc3cbcdb39635fdbaaef02d19f604b8c3e","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:55:23Z/"}],"url":"https://github.com/Admidio/admidio/commit/e47f70cc3cbcdb39635fdbaaef02d19f604b8c3e"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories
/GHSA-7pfv-hr63-h7cw","reference_id":"GHSA-7pfv-hr63-h7cw","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:55:23Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-7pfv-hr63-h7cw"},{"reference_url":"https://github.com/advisories/GHSA-7pfv-hr63-h7cw","reference_id":"GHSA-7pfv-hr63-h7cw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7pfv-hr63-h7cw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40408?format=json","purl":"pkg:composer/admidio/admidio@5.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-65er-wmy2-tkfs"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-7zeb-8ehx-2fds"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-bg7g-twa6-efc6"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-ftut-2x4f-gfan"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-rbc8-yecv-nqfm"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"V
CID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"},{"vulnerability":"VCID-xaz8-1thk-f7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.6"}],"aliases":["CVE-2026-30927","GHSA-7pfv-hr63-h7cw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2v7e-7ztp-7bce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80994?format=json","vulnerability_id":"VCID-3dxk-7ewj-g3by","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations (delete, retire, reinstate) only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for item_delete, item_retire, item_reinstate, item_picture_upload, item_picture_save, and item_picture_delete perform CSRF validation but never check whether the requesting user is an inventory administrator. Any authenticated user who can access the inventory module can permanently delete any inventory item and all its associated data. 
This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41658","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01545","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0156","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01552","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01549","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41658"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41658","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41658"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-xqv4-xm7h-52cv","reference_id":"GHSA-xqv4-xm7h-52cv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:55:45Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-xqv4
-xm7h-52cv"},{"reference_url":"https://github.com/advisories/GHSA-xqv4-xm7h-52cv","reference_id":"GHSA-xqv4-xm7h-52cv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xqv4-xm7h-52cv"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:55:45Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41658","GHSA-xqv4-xm7h-52cv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3dxk-7ewj-g3by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139886?format=json","vulnerability_id":"VCID-4d48-2hr3-3qca","summary":"Insufficient Session Expiration in GitHub repository admidio/admidio prior to 
4.2.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4190","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66505","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66611","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66598","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66613","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4190"},{"reference_url":"https://github.com/admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4190","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4190"},{"reference_url":"https://github.com/admidio/admidio/commit/391fb2af5bee641837a58e7dd66ff76eac92bb74","reference_id":"391fb2af5bee641837a58e7dd66ff76eac92bb74","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T18:00:22Z/"}],"url":"https://github.com/admidio/admidio/commit/
391fb2af5bee641837a58e7dd66ff76eac92bb74"},{"reference_url":"https://huntr.dev/bounties/71bc75d2-320c-4332-ad11-9de535a06d92","reference_id":"71bc75d2-320c-4332-ad11-9de535a06d92","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T18:00:22Z/"}],"url":"https://huntr.dev/bounties/71bc75d2-320c-4332-ad11-9de535a06d92"},{"reference_url":"https://github.com/advisories/GHSA-qq8m-9rpx-w2fm","reference_id":"GHSA-qq8m-9rpx-w2fm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qq8m-9rpx-w2fm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380570?format=json","purl":"pkg:composer/admidio/admidio@4.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},
{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-w7cg-3v9u-9qgc"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.2.11"}],"aliases":["CVE-2023-4190","GHSA-qq8m-9rpx-w2fm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4d48-2hr3-3qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151768?format=json","vulnerability_id":"VCID-5uqj-g4p6-wfha","summary":"Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3302","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16774","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16915","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16928","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16941","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3302"},{"reference_url":"https://github.com/admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3302","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist
.gov/vuln/detail/CVE-2023-3302"},{"reference_url":"https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a","reference_id":"5e18619f-8379-464a-aad2-65883bb4e81a","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-07T20:02:47Z/"}],"url":"https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a"},{"reference_url":"https://github.com/admidio/admidio/commit/c87a7074a1a73c4851263060afd76aa4d5b6415f","reference_id":"c87a7074a1a73c4851263060afd76aa4d5b6415f","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-07T20:02:47Z/"}],"url":"https://github.com/admidio/admidio/commit/c87a7074a1a73c4851263060afd76aa4d5b6415f"},{"reference_url":"https://github.com/advisories/GHSA-hm75-8w6h-4f8f","reference_id":"GHSA-hm75-8w6h-4f8f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm75-8w6h-4f8f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381659?format=json","purl":"pkg:composer/admidio/admidio@4.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-4d48-2hr3-3qca"},{"
vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-w7cg-3v9u-9qgc"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"},{"vulnerability":"VCID-z3uj-c5x9-pfct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.2.9"}],"aliases":["CVE-2023-3302","GHSA-hm75-8w6h-4f8f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uqj-g4p6-wfha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80928?format=json","vulnerability_id":"VCID-7265-7sxg-gbbt","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GET navigations, an attacker forces an authenticated admin to trigger these actions from a malicious page. 
This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41663","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00302","published_at":"2026-06-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00306","published_at":"2026-06-14T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00303","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41663"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41663","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41663"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-rw74-vc9h-534j","reference_id":"GHSA-rw74-vc9h-534j","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:41:36Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-rw74-vc9h-534j"},{"reference_url":"https://github.com/advisories/GHSA-rw74-vc9h-534j","reference_id":"GHSA-rw74-vc9h-534j","reference_type":
"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rw74-vc9h-534j"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:41:36Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41663","GHSA-rw74-vc9h-534j"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7265-7sxg-gbbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77276?format=json","vulnerability_id":"VCID-7udf-n3kz-53ef","summary":"Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. 
The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort directions, and filter conditions in the adm_list_columns table via prepared statements. However, these stored values are later read back and interpolated directly into dynamically constructed SQL queries without sanitization or parameterization, creating a classic second-order SQL injection vulnerability (safe write, unsafe read). An attacker can exploit this to inject arbitrary SQL, potentially reading, modifying, or deleting any data in the database and achieving full database compromise. This issue has been fixed in version 5.0.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32813","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12795","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12881","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.129","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1289","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32813"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32813","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3281
3"},{"reference_url":"https://github.com/Admidio/admidio/commit/3473bf5a7aa1bfc5043e73979719396276f4189f","reference_id":"3473bf5a7aa1bfc5043e73979719396276f4189f","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T14:39:25Z/"}],"url":"https://github.com/Admidio/admidio/commit/3473bf5a7aa1bfc5043e73979719396276f4189f"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-3x67-4c2c-w45m","reference_id":"GHSA-3x67-4c2c-w45m","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T14:39:25Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-3x67-4c2c-w45m"},{"reference_url":"https://github.com/advisories/GHSA-3x67-4c2c-w45m","reference_id":"GHSA-3x67-4c2c-w45m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x67-4c2c-w45m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374511?format=json","purl":"pkg:composer/admidio/admidio@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7zeb-8ehx-2fd
s"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-ftut-2x4f-gfan"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.7"}],"aliases":["CVE-2026-32813","GHSA-3x67-4c2c-w45m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7udf-n3kz-53ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102374?format=json","vulnerability_id":"VCID-8hav-zgep-f7ef","summary":"Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. 
This issue has been patched in version 4.3.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62617","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14205","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14297","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14324","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62617"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62617","reference_id":"CVE-2025-62617","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62617"},{"reference_url":"https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb","reference_id":"fde81ae869e88a3cf42201f2548d57df785a37cb","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-23T16:03:08Z/"}],"url":"https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33","reference_id":"GHSA-2v5m-cq9w-fc33"
,"reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-23T16:03:08Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33"},{"reference_url":"https://github.com/advisories/GHSA-2v5m-cq9w-fc33","reference_id":"GHSA-2v5m-cq9w-fc33","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2v5m-cq9w-fc33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34708?format=json","purl":"pkg:composer/admidio/admidio@4.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/874318?format=json","purl":"pkg:composer/admidio/admidio@5.0-Beta.1","is_vulnerable":true,"affected_by_
vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0-Beta.1"}],"aliases":["CVE-2025-62617","GHSA-2v5m-cq9w-fc33"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hav-zgep-f7ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81186?format=json","vulnerability_id":"VCID-9cxy-wsvz-fug3","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate that the ecard_template POST parameter is a safe filename before passing it to ECard::getEcardTemplate(). An authenticated user can supply a path traversal payload (e.g., ../config.php) to read arbitrary files accessible to the web server process, including adm_my_files/config.php which contains database credentials. 
This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41655","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16742","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16727","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16593","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16753","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41655"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41655","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41655"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-m3vp-3jjm-gpmx","reference_id":"GHSA-m3vp-3jjm-gpmx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:54:43Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-m3v
p-3jjm-gpmx"},{"reference_url":"https://github.com/advisories/GHSA-m3vp-3jjm-gpmx","reference_id":"GHSA-m3vp-3jjm-gpmx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3vp-3jjm-gpmx"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:54:43Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41655","GHSA-m3vp-3jjm-gpmx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cxy-wsvz-fug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44847?format=json","vulnerability_id":"VCID-9u5z-6732-3fcn","summary":"Admidio is a free, open source user management system for websites of organizations and groups. 
In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of the `ecard_recipients` POST parameter is directly concatenated into the SQL query in the source code, causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and out-of-band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37906","reference_id":"","reference_type":"","scores":[{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.7379","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73805","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73716","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73806","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37906"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248","reference_id":"3ff02b0c64a6911ab3e81cd61077f392c0b25248","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-29T15:08:05Z/"}],"url":"https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37906","reference_id":"CVE-2024-37906","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37906"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3","reference_id":"GHSA-69wx-xc6j-28v3","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-29T15:08:05Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3"},{"reference_url":"https://github.com/advisories/GHSA-69wx-xc6j-28v3","reference_id":"GHSA-69wx-xc6j-28v3","reference_type":"","scores":[{"value":"CRI
TICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69wx-xc6j-28v3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32812?format=json","purl":"pkg:composer/admidio/admidio@4.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.3.9"}],"aliases":["CVE-2024-37906","GHSA-69wx-xc6j-28v3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u5z-6732-3fcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58083?format=json","vulnerability_id":"VCID-b48m-bj85-q7ht","summary":"Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. 
Version 4.3.12 fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47836","reference_id":"","reference_type":"","scores":[{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82282","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82288","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82279","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82217","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47836"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://github.com/Admidio/admidio/commit/176f60de6a38dde2b8e848b97647194c12cf5a6c","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio/commit/176f60de6a38dde2b8e848b97647194c12cf5a6c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47836","reference_id":"CVE-2024-47836","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47836"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-7c4c-749j-pfp2","reference_id":"GHSA-7c4c-749j-pfp2","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvs
sv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:04:47Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-7c4c-749j-pfp2"},{"reference_url":"https://github.com/advisories/GHSA-7c4c-749j-pfp2","reference_id":"GHSA-7c4c-749j-pfp2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7c4c-749j-pfp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33895?format=json","purl":"pkg:composer/admidio/admidio@4.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.3.12"}],"aliases":["CVE-2024-47836","GHSA-7c4c-749j-pfp2"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-
b48m-bj85-q7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81014?format=json","vulnerability_id":"VCID-cght-tcps-wkhk","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call sites (handleSSORequest() line 418 and handleSLORequest() line 613). The method returns error strings on failure rather than throwing exceptions, but the developer believed it would throw (per comments on lines 416 and 611). This means the smc_require_auth_signed configuration option is completely ineffective — unsigned or invalidly-signed SAML AuthnRequests and LogoutRequests are processed identically to properly signed ones. This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41669","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00881","published_at":"2026-06-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00889","published_at":"2026-06-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00884","published_at":"2026-06-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00887","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41669"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41669","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S
:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41669"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-25cw-98hg-g3cg","reference_id":"GHSA-25cw-98hg-g3cg","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:52:11Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-25cw-98hg-g3cg"},{"reference_url":"https://github.com/advisories/GHSA-25cw-98hg-g3cg","reference_id":"GHSA-25cw-98hg-g3cg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25cw-98hg-g3cg"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:52:11Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},
{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41669","GHSA-25cw-98hg-g3cg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cght-tcps-wkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37673?format=json","vulnerability_id":"VCID-cmu6-hsjx-uba2","summary":"Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused by the lack of file extension verification, which allows malicious files to be uploaded to the server, and by the public availability of the uploaded file. 
This vulnerability is fixed in 4.3.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38529","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.89044","published_at":"2026-06-14T12:55:00Z"},{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.88999","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.89045","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38529"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c","reference_id":"3b1cc1cda05747edebe15f2825b79bc5a673d94c","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-29T16:25:32Z/"}],"url":"https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c"},{"reference_url":"https://
nvd.nist.gov/vuln/detail/CVE-2024-38529","reference_id":"CVE-2024-38529","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38529"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm","reference_id":"GHSA-g872-jwwr-vggm","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-29T16:25:32Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm"},{"reference_url":"https://github.com/advisories/GHSA-g872-jwwr-vggm","reference_id":"GHSA-g872-jwwr-vggm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g872-jwwr-vggm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32813?format=json","purl":"pkg:composer/admidio/admidio@4.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"}
,{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.3.10"}],"aliases":["CVE-2024-38529","GHSA-g872-jwwr-vggm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmu6-hsjx-uba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208567?format=json","vulnerability_id":"VCID-e3vb-y7f7-3fbn","summary":"Insufficient Session Expiration in 
Admidio","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0991","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47121","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46984","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4714","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47125","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0991"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a"},{"reference_url":"https://github.com/Admidio/admidio/issues/1238","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio/issues/1238"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v4.1.9","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"valu
e":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio/releases/tag/v4.1.9"},{"reference_url":"https://huntr.dev/bounties/1c406a4e-15d0-4920-8495-731c48473ba4","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/1c406a4e-15d0-4920-8495-731c48473ba4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0991","reference_id":"CVE-2022-0991","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0991"},{"reference_url":"https://github.com/advisories/GHSA-mf79-f657-47ww","reference_id":"GHSA-mf79-f657-47ww","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mf79-f657-47ww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19812?format=json","purl":"pkg:composer/admidio/admidio@4.1.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.1.9"}],"aliases":["CVE-2022-0991","GHSA-mf79-f657-47ww"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3vb-y7f7-3fbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81039?format=json","vulnerability_id":"VCID-e6ax-vu9m-w7cy","summary":"Admidio is an open-source user management solution. 
Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY) in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible() checks, the server-side search operates at the SQL level before any visibility filtering. This allows a role leader with assign-only permissions to infer hidden PII values by observing which users appear in search results for specific values. This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41659","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01114","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01123","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01116","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01121","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41659"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41659","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41659"},{"reference_url":"https://github.com/Admidio/admidio/security/advisorie
s/GHSA-68pr-7prh-mpv4","reference_id":"GHSA-68pr-7prh-mpv4","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:44:39Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-68pr-7prh-mpv4"},{"reference_url":"https://github.com/advisories/GHSA-68pr-7prh-mpv4","reference_id":"GHSA-68pr-7prh-mpv4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68pr-7prh-mpv4"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:44:39Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41659","GHSA-68pr-7prh-mpv
4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ax-vu9m-w7cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81069?format=json","vulnerability_id":"VCID-fkjv-k3bn-fycz","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {\"active\": true} for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or completely fabricated. The endpoint performs no authentication of the calling resource server and no validation of the submitted token. Any resource server that relies on this introspection endpoint to validate access tokens will accept all requests as authorized, enabling complete authentication bypass. Additionally, the OIDC token revocation endpoint (/oidc/revoke) returns {\"revoked\": true} without actually revoking any token, preventing resource servers from invalidating compromised credentials. 
This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41671","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05909","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05894","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05883","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41671"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41671","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41671"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-9xx5-cv6j-x533","reference_id":"GHSA-9xx5-cv6j-x533","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:46:16Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-9xx5-cv6j
-x533"},{"reference_url":"https://github.com/advisories/GHSA-9xx5-cv6j-x533","reference_id":"GHSA-9xx5-cv6j-x533","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xx5-cv6j-x533"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:46:16Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41671","GHSA-9xx5-cv6j-x533"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkjv-k3bn-fycz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80660?format=json","vulnerability_id":"VCID-fu29-aqjh-gkgp","summary":"Admidio is an open-source user management solution. 
Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL (smc_acs_url) stored in the database for the corresponding service provider client. An attacker who knows the Entity ID of a registered SP client can craft a SAML AuthnRequest with an arbitrary AssertionConsumerServiceURL, causing the IdP to send the signed SAML response -- containing user identity attributes (login name, email, roles, profile fields) -- to an attacker-controlled URL. This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41670","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0552","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05506","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05495","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05514","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41670"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41670","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/
vuln/detail/CVE-2026-41670"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-p9w9-87c8-m235","reference_id":"GHSA-p9w9-87c8-m235","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:43:57Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-p9w9-87c8-m235"},{"reference_url":"https://github.com/advisories/GHSA-p9w9-87c8-m235","reference_id":"GHSA-p9w9-87c8-m235","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p9w9-87c8-m235"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:43:57Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerab
lecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41670","GHSA-p9w9-87c8-m235"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu29-aqjh-gkgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75035?format=json","vulnerability_id":"VCID-gkaw-e4t9-q3ha","summary":"Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_user action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the delete_user mode in the same file (which correctly validates the token), these three approval actions read their parameters from $_GET and perform irreversible state changes without any protection. An attacker who has submitted a pending registration can extract their own user UUID from the registration confirmation email URL, then trick any user with the rol_approve_users right into visiting a crafted URL that automatically approves the registration. This bypasses the manual registration approval workflow entirely. 
This issue has been patched in version 5.0.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34384","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00772","published_at":"2026-06-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00774","published_at":"2026-06-14T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00769","published_at":"2026-06-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00771","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34384"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34384","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34384"},{"reference_url":"https://github.com/Admidio/admidio/commit/707171c188b3e8f36007fc3f2bccbfac896ed019","reference_id":"707171c188b3e8f36007fc3f2bccbfac896ed019","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T15:48:30Z/"}],"url":"https://github.com/Admidio/admidio/commit/707171c188b3e8f36007fc3f2bccbfac896ed019"},{"reference_url":"https://githu
b.com/Admidio/admidio/security/advisories/GHSA-ph84-r98x-2j22","reference_id":"GHSA-ph84-r98x-2j22","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T15:48:30Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-ph84-r98x-2j22"},{"reference_url":"https://github.com/advisories/GHSA-ph84-r98x-2j22","reference_id":"GHSA-ph84-r98x-2j22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph84-r98x-2j22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374819?format=json","purl":"pkg:composer/admidio/admidio@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.8"}],"aliases":["CVE-2026-34384","GHSA-ph84-r98x-2j22"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkaw-e4t9-q3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151763?format=json","vulnerability_id":"VCID-h52w-k262-7yay","
summary":"Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3109","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4241","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42399","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42223","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42388","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3109"},{"reference_url":"https://github.com/admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3109","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3109"},{"reference_url":"https://huntr.dev/bounties/6fa6070e-8f7f-43ae-8a84-e36b28256123","reference_id":"6fa6070e-8f7f-43ae-8a84-e36b28256123","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01
-08T17:25:30Z/"}],"url":"https://huntr.dev/bounties/6fa6070e-8f7f-43ae-8a84-e36b28256123"},{"reference_url":"https://github.com/admidio/admidio/commit/a7c211b835cafe1158932fbfcff9e5552e57510a","reference_id":"a7c211b835cafe1158932fbfcff9e5552e57510a","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:25:30Z/"}],"url":"https://github.com/admidio/admidio/commit/a7c211b835cafe1158932fbfcff9e5552e57510a"},{"reference_url":"https://github.com/advisories/GHSA-gx4r-fvwg-8678","reference_id":"GHSA-gx4r-fvwg-8678","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gx4r-fvwg-8678"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381672?format=json","purl":"pkg:composer/admidio/admidio@4.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19r9-6x29-sub9"},{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-4d48-2hr3-3qca"},{"vulnerability":"VCID-5uqj-g4p6-wfha"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6j
h-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-ufxe-4kt3-zkd7"},{"vulnerability":"VCID-w7cg-3v9u-9qgc"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"},{"vulnerability":"VCID-z3uj-c5x9-pfct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.2.8"}],"aliases":["CVE-2023-3109","GHSA-gx4r-fvwg-8678"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h52w-k262-7yay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75266?format=json","vulnerability_id":"VCID-kw2m-w6jh-2kbr","summary":"Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data without CSRF protection and without the field value checks that the FormPresenter validation normally enforces. 
This issue has been patched in version 5.0.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34383","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01777","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01792","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01782","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01784","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34383"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34383","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34383"},{"reference_url":"https://github.com/Admidio/admidio/commit/00494b95dfe847af8b938e4397e5d909d8f36839","reference_id":"00494b95dfe847af8b938e4397e5d909d8f36839","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:30:13Z/"}],"url":"https://github.com/Admidio/admidio/commit/00494b95dfe847af8b938e4397e5d909d8f36839"},{"reference_url":"https
://github.com/Admidio/admidio/security/advisories/GHSA-4rwm-c5mj-wh7x","reference_id":"GHSA-4rwm-c5mj-wh7x","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:30:13Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-4rwm-c5mj-wh7x"},{"reference_url":"https://github.com/advisories/GHSA-4rwm-c5mj-wh7x","reference_id":"GHSA-4rwm-c5mj-wh7x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4rwm-c5mj-wh7x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374819?format=json","purl":"pkg:composer/admidio/admidio@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.8"}],"aliases":["CVE-2026-34383","GHSA-4rwm-c5mj-wh7x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kw2m-w6jh-2kbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80744?format=json","vulnerability_id":"VCID-mt9r-gp26-
1ugs","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A group leader with profile edit rights on an admin account can strip that admin's 2FA. This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41660","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08707","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08744","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08752","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08748","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41660"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41660","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41660"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-rh3w-4ccx-prf9","reference_id":"GHSA-rh3w-4ccx-prf9","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:44:27Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-rh3w-4ccx-prf9"},{"reference_url":"https://github.com/advisories/GHSA-rh3w-4ccx-prf9","reference_id":"GHSA-rh3w-4ccx-prf9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rh3w-4ccx-prf9"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:44:27Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41660","GHSA-rh3w-4ccx-prf9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mt9r-gp26
-1ugs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77125?format=json","vulnerability_id":"VCID-qgtv-w3xw-gye1","summary":"Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file extension restrictions by intentionally submitting an invalid CSRF token. This allows the upload of arbitrary file types, including PHP scripts, which may lead to Remote Code Execution on the server, resulting in full server compromise, data exfiltration, and lateral movement. This issue has been fixed in version 5.0.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32756","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16464","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16594","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16609","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16621","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32756"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32756","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C
:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32756"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-95cq-p4w2-32w5","reference_id":"GHSA-95cq-p4w2-32w5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T17:06:10Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-95cq-p4w2-32w5"},{"reference_url":"https://github.com/advisories/GHSA-95cq-p4w2-32w5","reference_id":"GHSA-95cq-p4w2-32w5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95cq-p4w2-32w5"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.7","reference_id":"v5.0.7","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T17:06:10Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374511?format=json","purl":"pkg:composer/admidio/admidio@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7zeb-8ehx-2fds"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{
"vulnerability":"VCID-ftut-2x4f-gfan"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.7"}],"aliases":["CVE-2026-32756","GHSA-95cq-p4w2-32w5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgtv-w3xw-gye1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81109?format=json","vulnerability_id":"VCID-qy61-2tgr-xqgj","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership() contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other administrator, locking the entire system out of administrative access. The exploit does not require concurrent requests; sequential removals produce the same result. 
This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41662","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01756","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01767","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01752","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0176","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41662"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41662","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41662"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-c7xm-r6vj-8vg6","reference_id":"GHSA-c7xm-r6vj-8vg6","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:05:50Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-c7xm
-r6vj-8vg6"},{"reference_url":"https://github.com/advisories/GHSA-c7xm-r6vj-8vg6","reference_id":"GHSA-c7xm-r6vj-8vg6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c7xm-r6vj-8vg6"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:05:50Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41662","GHSA-c7xm-r6vj-8vg6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qy61-2tgr-xqgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77526?format=json","vulnerability_id":"VCID-sucx-bf78-2ydt","summary":"Admidio is an open-source user management solution. 
In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecard_message'] value instead of the HTMLPurifier-sanitized $formValues['ecard_message'] when constructing the greeting card HTML. This allows an authenticated attacker to inject arbitrary HTML and JavaScript into greeting card emails sent to other members, bypassing the server-side HTMLPurifier sanitization that is properly applied to the ecard_message field during form validation. An attack can result in any member or role receiving phishing content that appears legitimate, crossing from the web application into recipients' email clients. This issue has been fixed in version 5.0.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32757","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03754","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03757","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03734","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03744","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32757"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32757","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32757"
},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-4wr4-f2qf-x5wj","reference_id":"GHSA-4wr4-f2qf-x5wj","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:48:15Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-4wr4-f2qf-x5wj"},{"reference_url":"https://github.com/advisories/GHSA-4wr4-f2qf-x5wj","reference_id":"GHSA-4wr4-f2qf-x5wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wr4-f2qf-x5wj"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.7","reference_id":"v5.0.7","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:48:15Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374511?format=json","purl":"pkg:composer/admidio/admidio@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7zeb-8ehx-2fds"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-ftut-2x4f-gfan"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerab
ility":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.7"}],"aliases":["CVE-2026-32757","GHSA-4wr4-f2qf-x5wj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sucx-bf78-2ydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80703?format=json","vulnerability_id":"VCID-t3tn-k9rg-4uht","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type (HTML encoding), allowing path traversal characters (../) to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a low-privileged attacker can trick a documents administrator into clicking a crafted link that registers an arbitrary server file (e.g., install/config.php containing database credentials) into a documents folder accessible to the attacker. 
This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41656","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01389","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01403","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01386","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01397","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41656"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41656","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41656"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-m9h6-8pqm-xrhf","reference_id":"GHSA-m9h6-8pqm-xrhf","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:04:52Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-m9h
6-8pqm-xrhf"},{"reference_url":"https://github.com/advisories/GHSA-m9h6-8pqm-xrhf","reference_id":"GHSA-m9h6-8pqm-xrhf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9h6-8pqm-xrhf"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:04:52Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41656","GHSA-m9h6-8pqm-xrhf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t3tn-k9rg-4uht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81129?format=json","vulnerability_id":"VCID-u7jz-9sxc-2bg9","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. 
The endpoint passes user input through htmlspecialchars(), which does not encode square brackets. A subsequent call to Language::prepareTextPlaceholders() converts those brackets into HTML angle brackets, producing executable markup. This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41661","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2513","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25135","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2493","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25148","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41661"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41661","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41661"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-gq27-fc8w-vcmp","reference_id":"GHSA-gq27-fc8w-vcmp","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":
"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:55:38Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-gq27-fc8w-vcmp"},{"reference_url":"https://github.com/advisories/GHSA-gq27-fc8w-vcmp","reference_id":"GHSA-gq27-fc8w-vcmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gq27-fc8w-vcmp"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:55:38Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41661","GHSA-gq27-fc8w-vcmp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7jz-9sxc-2bg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210930?format=json","vulnerability_id":"VCID-uftx-9d9x-gygu","summary":"C
ross-site Scripting in admidio","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23896","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43028","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42869","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43037","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43047","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23896"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://github.com/admidio/admidio/commit/1ff30f7cc7159bfa0235a7df3f60c0771a0e22a9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio/commit/1ff30f7cc7159bfa0235a7df3f60c0771a0e22a9"},{"reference_url":"https://huntr.dev/bounties/79c2d16c-bae2-417f-ab50-10c52707a30f","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/79c2d16c-bae2-417f-ab50-10c52707a30f"},{"reference_url":"https://huntr.dev/bounties/79c2d16c-bae2-417f-ab50-10c52707a30f/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bountie
s/79c2d16c-bae2-417f-ab50-10c52707a30f/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23896","reference_id":"CVE-2022-23896","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23896"},{"reference_url":"https://github.com/advisories/GHSA-qr6m-f3gv-8678","reference_id":"GHSA-qr6m-f3gv-8678","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qr6m-f3gv-8678"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25095?format=json","purl":"pkg:composer/admidio/admidio@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19r9-6x29-sub9"},{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-4d48-2hr3-3qca"},{"vulnerability":"VCID-5uqj-g4p6-wfha"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e3vb-y7f7-3fbn"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-h52w-k262-7yay"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-ufxe-4kt3-zkd7"},{"vul
nerability":"VCID-w7cg-3v9u-9qgc"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"},{"vulnerability":"VCID-z3uj-c5x9-pfct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.1.3"}],"aliases":["CVE-2022-23896","GHSA-qr6m-f3gv-8678"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uftx-9d9x-gygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151740?format=json","vulnerability_id":"VCID-ufxe-4kt3-zkd7","summary":"Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3303","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23939","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24125","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24137","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24146","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3303"},{"reference_url":"https://github.com/admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3303","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3303"},{"refere
nce_url":"https://github.com/admidio/admidio/commit/3d8bafaa4e9b7a314ffdf548622a8c7b38faee8a","reference_id":"3d8bafaa4e9b7a314ffdf548622a8c7b38faee8a","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T19:58:33Z/"}],"url":"https://github.com/admidio/admidio/commit/3d8bafaa4e9b7a314ffdf548622a8c7b38faee8a"},{"reference_url":"https://huntr.dev/bounties/65d260cc-55a9-4e71-888d-cb2f66c071af","reference_id":"65d260cc-55a9-4e71-888d-cb2f66c071af","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T19:58:33Z/"}],"url":"https://huntr.dev/bounties/65d260cc-55a9-4e71-888d-cb2f66c071af"},{"reference_url":"https://github.com/advisories/GHSA-vmxg-wx6c-4f3r","reference_id":"GHSA-vmxg-wx6c-4f3r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmxg-wx6c-4f3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381659?format=json","purl":"pkg:composer/admidio/admidio@4.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-4d48-2hr3-3qca"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulner
ability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-w7cg-3v9u-9qgc"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"},{"vulnerability":"VCID-z3uj-c5x9-pfct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.2.9"}],"aliases":["CVE-2023-3303","GHSA-vmxg-wx6c-4f3r"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufxe-4kt3-zkd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357074?format=json","vulnerability_id":"VCID-w7cg-3v9u-9qgc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47380","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57718","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57833","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57849","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.5784","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47380"},{"reference_url":"https://github.com/Admidio/admidi
o","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v4.2.13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio/releases/tag/v4.2.13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47380","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47380"},{"reference_url":"https://www.admidio.org/intern/adm_program/modules/announcements/announcements.php?ann_uuid=714ead2b-1718-4251-a9a3-f1b0df12d60e&headline=Blog","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.admidio.org/intern/adm_program/modules/announcements/announcements.php?ann_uuid=714ead2b-1718-4251-a9a3-f1b0df12d60e&headline=Blog"},{"reference_url":"https://www.getastra.com/blog/security-audit/reflected-xss-vulnerability-in-admidio","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.getastra.com/blog/security-audit/reflected-xss-vulnerability-in-admi
dio"},{"reference_url":"https://www.getastra.com/blog/security-audit/reflected-xss-vulnerability-in-admidio/","reference_id":"","reference_type":"","scores":[],"url":"https://www.getastra.com/blog/security-audit/reflected-xss-vulnerability-in-admidio/"},{"reference_url":"https://github.com/advisories/GHSA-vm4p-gh82-xq96","reference_id":"GHSA-vm4p-gh82-xq96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm4p-gh82-xq96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381093?format=json","purl":"pkg:composer/admidio/admidio@4.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.2.13"}],"aliases":["CVE-2023-47380","GHSA-vm4p-gh82-xq96"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7cg-3v9u-9qgc"},{"url":"http://public2.v
ulnerablecode.io/api/vulnerabilities/70477?format=json","vulnerability_id":"VCID-wfqm-fua3-zya4","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-based URL to curl_init(), leaving a DNS rebinding TOCTOU window that allows redirecting requests to internal IPs. This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42194","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11556","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11517","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11548","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11479","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42194"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42194","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42194"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-6j68-gcc3-mq73","reference_id":"GHSA-6j68-gcc3-mq73","reference_type":"","scores":[{"value":"6.8","scoring_system":
"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-6j68-gcc3-mq73"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-hcjj-chvw-fmw9","reference_id":"GHSA-hcjj-chvw-fmw9","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:01Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-hcjj-chvw-fmw9"},{"reference_url":"https://github.com/advisories/GHSA-hcjj-chvw-fmw9","reference_id":"GHSA-hcjj-chvw-fmw9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcjj-chvw-fmw9"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:01Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerabil
ity":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-42194","GHSA-hcjj-chvw-fmw9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfqm-fua3-zya4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80717?format=json","vulnerability_id":"VCID-x4ky-q7yw-abft","summary":"Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers(), requiring only rol_edit_user=true) than the frontend UI (contacts.php) which correctly requires the stronger isAdministrator() (requiring rol_administrator=true) and the contacts_show_all system setting. A user manager who is not a full administrator can directly request contacts_data.php?mem_show_filter=3 to retrieve all user records across all organizations in the Admidio instance, bypassing multi-tenant organization isolation. 
This issue has been patched in version 5.0.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41657","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02311","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02313","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02312","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02306","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41657"},{"reference_url":"https://github.com/Admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41657","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41657"},{"reference_url":"https://github.com/Admidio/admidio/security/advisories/GHSA-g8p8-94f2-28gr","reference_id":"GHSA-g8p8-94f2-28gr","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:44:19Z/"}],"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-g8p
8-94f2-28gr"},{"reference_url":"https://github.com/advisories/GHSA-g8p8-94f2-28gr","reference_id":"GHSA-g8p8-94f2-28gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8p8-94f2-28gr"},{"reference_url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9","reference_id":"v5.0.9","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:44:19Z/"}],"url":"https://github.com/Admidio/admidio/releases/tag/v5.0.9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41770?format=json","purl":"pkg:composer/admidio/admidio@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vve-cmd3-kubv"},{"vulnerability":"VCID-3rp5-mkwx-7bdj"},{"vulnerability":"VCID-5p5t-f1fw-gyde"},{"vulnerability":"VCID-anxa-1tvq-mfeg"},{"vulnerability":"VCID-bdem-ecr9-rffu"},{"vulnerability":"VCID-d3qc-9yrn-kqe3"},{"vulnerability":"VCID-f6ee-zq8f-n7g9"},{"vulnerability":"VCID-pnmv-wb8x-4qd9"},{"vulnerability":"VCID-z2es-zsqn-yydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@5.0.9"}],"aliases":["CVE-2026-41657","GHSA-g8p8-94f2-28gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4ky-q7yw-abft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151583?format=json","vulnerability_id":"VCID-z3uj-c5x9-pfct","summary":"Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 
4.2.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3692","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23294","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23273","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23087","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23283","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3692"},{"reference_url":"https://github.com/admidio/admidio","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/admidio/admidio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3692","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3692"},{"reference_url":"https://huntr.dev/bounties/be6616eb-384d-40d6-b1fd-0ec9e4973f12","reference_id":"be6616eb-384d-40d6-b1fd-0ec9e4973f12","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:06:22Z/"}],"url":"https://huntr.dev/bounties/be6616eb-384d-40d6-b1fd-0ec9e4973f12"
},{"reference_url":"https://github.com/admidio/admidio/commit/d66585d14b1160712a8a9bfaf9769dd3da0e9a83","reference_id":"d66585d14b1160712a8a9bfaf9769dd3da0e9a83","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:06:22Z/"}],"url":"https://github.com/admidio/admidio/commit/d66585d14b1160712a8a9bfaf9769dd3da0e9a83"},{"reference_url":"https://github.com/advisories/GHSA-q347-jrx8-5pw9","reference_id":"GHSA-q347-jrx8-5pw9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q347-jrx8-5pw9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381483?format=json","purl":"pkg:composer/admidio/admidio@4.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fvb-v93b-5yex"},{"vulnerability":"VCID-2v7e-7ztp-7bce"},{"vulnerability":"VCID-3dxk-7ewj-g3by"},{"vulnerability":"VCID-4d48-2hr3-3qca"},{"vulnerability":"VCID-7265-7sxg-gbbt"},{"vulnerability":"VCID-7udf-n3kz-53ef"},{"vulnerability":"VCID-8hav-zgep-f7ef"},{"vulnerability":"VCID-9cxy-wsvz-fug3"},{"vulnerability":"VCID-9u5z-6732-3fcn"},{"vulnerability":"VCID-b48m-bj85-q7ht"},{"vulnerability":"VCID-cght-tcps-wkhk"},{"vulnerability":"VCID-cmu6-hsjx-uba2"},{"vulnerability":"VCID-e6ax-vu9m-w7cy"},{"vulnerability":"VCID-fkjv-k3bn-fycz"},{"vulnerability":"VCID-fu29-aqjh-gkgp"},{"vulnerability":"VCID-gkaw-e4t9-q3ha"},{"vulnerability":"VCID-kw2m-w6jh-2kbr"},{"vulnerability":"VCID-mt9r-gp26-1ugs"},{"vulnerability":"VCID-qgtv-w3xw-gye1"},{"vulnerability":"VCID-qy61-2tgr-xqgj"},{"vulnerability":"VCID-sucx-bf78-2ydt"
},{"vulnerability":"VCID-t3tn-k9rg-4uht"},{"vulnerability":"VCID-u7jz-9sxc-2bg9"},{"vulnerability":"VCID-w7cg-3v9u-9qgc"},{"vulnerability":"VCID-wfqm-fua3-zya4"},{"vulnerability":"VCID-x4ky-q7yw-abft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.2.10"}],"aliases":["CVE-2023-3692","GHSA-q347-jrx8-5pw9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3uj-c5x9-pfct"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/admidio/admidio@4.1.0"}