CVE-2024-37906 - OpenCVE

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248
https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-29T14:22:57.188Z

Updated: 2024-08-02T04:04:23.431Z

Reserved: 2024-06-10T19:54:41.362Z

Link: CVE-2024-37906

Vulnrichment

Updated: 2024-08-02T04:04:23.431Z

NVD

Status : Awaiting Analysis

Published: 2024-07-29T15:15:10.747

Modified: 2024-07-29T16:21:52.517

Link: CVE-2024-37906

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37906", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-10T19:54:41.362Z", "datePublished": "2024-07-29T14:22:57.188Z", "dateUpdated": "2024-08-02T04:04:23.431Z"}, "containers": {"cna": {"title": "Admidio has Blind SQL Injection in ecard_send.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3"}, {"name": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248", "tags": ["x_refsource_MISC"], "url": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248"}], "affected": [{"vendor": "Admidio", "product": "admidio", "versions": [{"version": "< 4.3.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-29T14:22:57.188Z"}, "descriptions": [{"lang": "en", "value": "Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9."}], "source": {"advisory": "GHSA-69wx-xc6j-28v3", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "admidio", "product": "admidio", "cpes": ["cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.3.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T15:08:05.485702Z", "id": "CVE-2024-37906", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:09:45.520Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:23.431Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3"}, {"name": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3", "name": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248", "name": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:23.431Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37906", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-29T15:08:05.485702Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*"], "vendor": "admidio", "product": "admidio", "versions": [{"status": "affected", "version": "0", "lessThan": "4.3.9", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:09:41.011Z"}}], "cna": {"title": "Admidio has Blind SQL Injection in ecard_send.php", "source": {"advisory": "GHSA-69wx-xc6j-28v3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Admidio", "product": "admidio", "versions": [{"status": "affected", "version": "< 4.3.9"}]}], "references": [{"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3", "name": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248", "name": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-29T14:22:57.188Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37906", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:04:23.431Z", "dateReserved": "2024-06-10T19:54:41.362Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-29T14:22:57.188Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9."}, {"lang": "es", "value": "Admidio es un sistema de gesti\u00f3n de usuarios gratuito y de c\u00f3digo abierto para sitios web de organizaciones y grupos. En Admidio anterior a la versi\u00f3n 4.3.9, hay una inyecci\u00f3n SQL en el archivo fuente `/adm_program/modules/ecards/ecard_send.php` de la aplicaci\u00f3n Admidio. La inyecci\u00f3n SQL resulta en un compromiso de la base de datos de la aplicaci\u00f3n. El valor del par\u00e1metro POST `ecard_recipients `se concatena directamente con la consulta SQL en el c\u00f3digo fuente que causa la inyecci\u00f3n SQL. La inyecci\u00f3n SQL puede ser explotada por un usuario miembro, utilizando cargas \u00fatiles de inyecci\u00f3n SQL ciegas basadas en condiciones, basadas en tiempo y fuera de banda. Esta vulnerabilidad se solucion\u00f3 en 4.3.9."}], "id": "CVE-2024-37906", "lastModified": "2024-07-29T16:21:52.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-07-29T15:15:10.747", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248"}, {"source": "security-advisories@github.com", "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}