PatchSiren

Admidio CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH · Admidio · CVE published 2017-03-05

CVE-2017-6492

CVE-2017-6492 describes a SQL injection vulnerability in Admidio 3.2.5 affecting the dates_function.php code path. The issue is caused by concatenating the POST parameter dat_cat_id directly into a SQL query without input validation or sanitization. NVD rates the issue at a CVSS 3.0 base score of 7.2 (HIGH) and maps it to CWE-89.