Admidio Application Security Update Advisory (CVE-2024-38529)


Overview
 

Admidio has released an update to address a vulnerability in their application. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-38529

  • Admidio versions: prior to 4.3.10 (4.3.10 excluded)

 

CVE-2024-37906

  • Admidio versions: prior to 4.3.9 (4.3.9 excluded)

     

 

Resolved Vulnerabilities

  • Remote code execution vulnerability in the Messages module in the Admidio application (CVE-2024-38529)

  • SQL injection vulnerability in the `/adm_program/modules/ecards/ecard_send.php` source file in the Admidio application that could compromise the application’s database (CVE-2024-37906)

 

Vulnerability Patches

Patches for the following vulnerabilities have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2024-38529

  • Admidio version: 4.3.10

 

CVE-2024-37906

  • Admidio version: 4.3.9

     

Referenced Sites

[1] CVE-2024-38529 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-38529

[2] RCE via Arbitrary File Upload in Message Attachment

https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm

[3] CVE-2024-37906 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-37906

[4] Blind SQL Injection in ecard_send.php

https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3

Article Link: Admidio Application Security Update Advisory (CVE-2024-38529) – ASEC
