CVE-2024-47836
16.10.2024, 20:15
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.
| Vendor | Product | Version |
|---|---|---|
| admidio | admidio | 𝑥 < 4.3.12 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-502 - Deserialization of Untrusted DataThe application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.