Description

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. This vulnerability is fixed in 4.3.10.

INFO

Published Date :

2024-07-29T14:29:51.147Z

Last Modified :

2024-08-02T04:12:25.623Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38529 vulnerability.

Vendors Products
Admidio
  • Admidio
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38529.

URL Resource
https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c cve-icon cve-icon
https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact