{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T07:48:47.245","vulnerabilities":[{"cve":{"id":"CVE-2024-37906","sourceIdentifier":"security-advisories@github.com","published":"2024-07-29T15:15:10.747","lastModified":"2025-03-06T14:55:28.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9."},{"lang":"es","value":"Admidio es un sistema de gestión de usuarios gratuito y de código abierto para sitios web de organizaciones y grupos. En Admidio anterior a la versión 4.3.9, hay una inyección SQL en el archivo fuente `/adm_program/modules/ecards/ecard_send.php` de la aplicación Admidio. La inyección SQL resulta en un compromiso de la base de datos de la aplicación. El valor del parámetro POST `ecard_recipients `se concatena directamente con la consulta SQL en el código fuente que causa la inyección SQL. La inyección SQL puede ser explotada por un usuario miembro, utilizando cargas útiles de inyección SQL ciegas basadas en condiciones, basadas en tiempo y fuera de banda. Esta vulnerabilidad se solucionó en 4.3.9."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3.9","matchCriteriaId":"FA2DCF7C-EA85-432B-A8BF-F85600D19D7A"}]}]}],"references":[{"url":"https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}