CVE-2017-6492

Name of the Vulnerable Software and Affected Versions Admidio version 3.2.5

Description A SQL Injection issue was discovered in the adm program/modules/dates/dates function.php module. The dat cat id parameter, which is passed via a POST request, is concatenated into a SQL query without proper input validation or sanitization.

Recommendations For Admidio version 3.2.5, consider validating and sanitizing the dat cat id parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the vulnerable module until a patch is available.