{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32813", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-16T17:35:36.696Z", "datePublished": "2026-03-20T02:09:07.610Z", "dateUpdated": "2026-03-20T02:09:07.610Z"}, "containers": {"cna": {"title": "Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Admidio/admidio/security/advisories/GHSA-3x67-4c2c-w45m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-3x67-4c2c-w45m"}, {"name": "https://github.com/Admidio/admidio/commit/3473bf5a7aa1bfc5043e73979719396276f4189f", "tags": ["x_refsource_MISC"], "url": "https://github.com/Admidio/admidio/commit/3473bf5a7aa1bfc5043e73979719396276f4189f"}], "affected": [{"vendor": "Admidio", "product": "admidio", "versions": [{"version": "< 5.0.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T02:09:07.610Z"}, "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort directions, and filter conditions in the adm_list_columns table via prepared statements. However, these stored values are later read back and interpolated directly into dynamically constructed SQL queries without sanitization or parameterization, creating a classic second-order SQL injection vulnerability (safe write, unsafe read). An attacker can exploit this to inject arbitrary SQL, potentially reading, modifying, or deleting any data in the database and achieving full database compromise. This issue has been fixed in version 5.0.7."}], "source": {"advisory": "GHSA-3x67-4c2c-w45m", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort directions, and filter conditions in the adm_list_columns table via prepared statements. However, these stored values are later read back and interpolated directly into dynamically constructed SQL queries without sanitization or parameterization, creating a classic second-order SQL injection vulnerability (safe write, unsafe read). An attacker can exploit this to inject arbitrary SQL, potentially reading, modifying, or deleting any data in the database and achieving full database compromise. This issue has been fixed in version 5.0.7."}], "id": "CVE-2026-32813", "lastModified": "2026-03-20T02:16:35.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T02:16:35.210", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Admidio/admidio/commit/3473bf5a7aa1bfc5043e73979719396276f4189f"}, {"source": "security-advisories@github.com", "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-3x67-4c2c-w45m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.0.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "admidio", "source": "cna", "vendor": "Admidio"}, "product": "admidio", "vendor": "admidio"}], "analysis": {"en": {"generated_at": "2026-03-20T03:20:17.034891+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to version 5.0.7 or higher"], "summary": {"action": "Immediate Patch", "impact": "Full Database Compromise"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Admidio versions 5.0.6 and older. Any installation of Admidio version 5.0.6 or earlier is at risk.", "description_and_impact": "Admidio is a user management system that allows authenticated users to define custom list column layouts via the MyList configuration feature. The system stores user-supplied column names, sort directions, and filter conditions in the adm_list_columns table using prepared statements, but later retrieves these values and directly injects them into dynamically constructed SQL queries without sanitization. This classic second\u2011order SQL injection (safe write, unsafe read) permits attackers to inject arbitrary SQL, potentially reading, modifying or deleting any data in the database and achieving full database compromise.", "risk_and_exploitability": "The CVSS score is 8.0, indicating high severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires authentication to the application, after which an attacker can craft custom list configurations containing malicious SQL. Once the configuration is saved and later read, the malicious SQL is executed against the database, giving the attacker control over database contents. The attack vector is application\u2011based and would be feasible wherever the vulnerable application is exposed to users."}}}}, "created": "2026-03-20T08:53:07.120107+00:00", "updated": "2026-03-20T10:37:51.244568+00:00", "vendors": ["admidio", "admidio$PRODUCT$admidio"]}