CVE-2020-11004

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11004

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11004.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-11004

Related

GHSA-qh57-rcff-gx54

Published

2020-04-24T21:15:13.747Z

Modified

2025-11-14T10:08:51.642412Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13.

References

Affected packages

Git / github.com/admidio/admidio

Affected ranges

Type: GIT
Repo: https://github.com/admidio/admidio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ea5d6f114b151ed11ec0ad7cb47bd729e77a874a

Affected versions

3.*

3.0-Beta.1

3.0-Beta.2

3.0-Beta.3

3.0-Beta.4

3.0.0

v3.*

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.6

v3.1-Beta.1

v3.1-Beta.2

v3.1-Beta.3

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2-Beta.1

v3.2-Beta.2

v3.2-Beta.3

v3.2.0

v3.2.1

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.14

v3.2.15

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.5.1

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3-Beta.1

v3.3-Beta.2

v3.3-Beta.3

v3.3-Beta.4

v3.3.0

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9