CVE-2021-43810 Scanner

Admidio is a free open-source user management system designed for websites of organizations and groups. It aims to ease the administrative burden of managing website users by providing a reliable and user-friendly platform for managing members, events, and communication.

Recently, a Cross-Site Scripting (XSS) vulnerability CVE-2021-43810 was detected in the Admidio system prior to version 4.0.12. This vulnerability occurs due to inadequate validation of the value of the url parameter in redirect.php. By exploiting this vulnerability, attackers can execute crafted scripts and steal sensitive information, such as login credentials and personal user information.

When the above vulnerability is exploited, it can lead to the infiltration of malicious code onto devices of the users of the platform. This can potentially lead to the exposure of critical information, such as user login credentials and personal information. In addition, it may result in the compromise of the server and the whole system, which would lead to a complete loss of all user data and unauthorized access to sensitive systems.

With the pro features of the securityforeveryone.com platform, users can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive scans of websites, highlighting all vulnerabilities, including XSS, SQL Injection, and others. It also provides expert advice on eliminating discovered vulnerabilities and securing their website to ensure that the user's information is safe and protected.

REFERENCES

• https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21
• https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b
• https://github.com/Admidio/admidio/releases/tag/v4.0.12
• https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh