Exposure version installed on the system in admidio/admidio

Valid

Reported on

Jun 27th 2023


Description

Users can check the version of Admidio installed on the system.

Proof of Concept

Go to http://<domain>/adm_program/modules/preferences/update_check.php?mode=2

Acknowledge

Tran Van Nhan from bl4ckh0l3 of GalaxyOne

Impact

If a version of Admidio that contains any vulnerability is installed on the system, this information could potentially be used to initiate subsequent attacks.

We are processing your report and will contact the admidio team within 24 hours. 3 months ago
Tran Van Nhan modified the report
3 months ago
Tran Van Nhan modified the report
3 months ago
Tran Van Nhan modified the report
3 months ago
We have contacted a member of the admidio team and are waiting to hear back 3 months ago
Markus Faßbender validated this vulnerability 2 months ago
Tran Van Nhan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Markus Faßbender marked this as fixed in 4.2.10 with commit bfac72 2 months ago
Markus Faßbender has been awarded the fix bounty
This vulnerability will not receive a CVE
This vulnerability is scheduled to go public on Jul 16th 2023
update_check.php#L22-L25 has been validated
Markus Faßbender published this vulnerability 2 months ago