CVE-2025-62617 (CNNVD-202510-2803)
中文标题:
Admidio SQL注入漏洞
英文标题:
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
漏洞描述
中文描述:
Admidio是Admidio团队的一套开源的成员管理系统。该系统支持成员列表、事件管理、留言簿、相册和下载等功能。 Admidio 4.3.17之前版本存在SQL注入漏洞,该漏洞源于成员分配数据检索功能存在SQL注入,可能导致数据库完全破解。
英文描述:
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Admidio | admidio | < 4.3.17 | - | - |
cpe:2.3:a:admidio:admidio:<_4.3.17:*:*:*:*:*:*:*
|
| admidio | admidio | * | - | - |
cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-62617 |
2025-11-11 15:23:33 | 2025-11-11 07:40:49 |
| NVD | nvd_CVE-2025-62617 |
2025-11-11 15:01:06 | 2025-11-11 07:48:35 |
| CNNVD | cnnvd_CNNVD-202510-2803 |
2025-11-11 15:13:00 | 2025-11-11 08:00:18 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> SQL注入
- cnnvd_id: 未提取 -> CNNVD-202510-2803
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']