Impact
SQL injection was discovered in Admidio 3.3.12. The main cookie parameter is concatenated into a SQL query without any input validation or sanitization. An attacker who is not logged in can therefore send a GET request with arbitrary SQL appended to the cookie parameter and have it executed. The vulnerability impacts the confidentiality of the system.
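The flaw class described above, shown beside a hardened lookup, as an added example that is not Admidio's code. The `sessions` table, the function names and the sample values are hypothetical, and Python with SQLite stands in for the application's own stack.

```python
import re
import sqlite3

# Hypothetical schema and names; Admidio's real tables and code are not on the page.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9]{16,64}")


def make_db():
    """Build an in-memory database holding one constructed session row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (session_id TEXT PRIMARY KEY, user_id INTEGER)")
    db.execute("INSERT INTO sessions VALUES ('a3f9c2d17b604e58', 42)")
    return db


def lookup_concatenated(db, cookie_value):
    """Flawed pattern from the advisory: cookie text becomes part of the SQL."""
    sql = "SELECT user_id FROM sessions WHERE session_id = '" + cookie_value + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def lookup_parameterized(db, cookie_value):
    """Hardened form: allowlist the format, then bind the value as data."""
    if not SESSION_ID_RE.fullmatch(cookie_value):
        return None
    row = db.execute(
        "SELECT user_id FROM sessions WHERE session_id = ?", (cookie_value,)
    ).fetchone()
    return row[0] if row else None


def regression_check():
    """Return (flawed, hardened, legitimate) lookup results for constructed inputs."""
    db = make_db()
    tampered = "x' OR '1'='1"  # constructed cookie value containing SQL syntax
    return (
        lookup_concatenated(db, tampered),
        lookup_parameterized(db, tampered),
        lookup_parameterized(db, "a3f9c2d17b604e58"),
    )


if __name__ == "__main__":
    print(regression_check())
```

The concatenated lookup resolves the tampered value to a session it never named, while the bound-parameter lookup rejects it and still serves the legitimate identifier.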
Patches
Users should upgrade to 3.3.13.
References
For more information
If you have any questions or comments about this advisory: