{"id":36792,"date":"2024-12-24T03:37:03","date_gmt":"2024-12-23T22:07:03","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=36792"},"modified":"2025-01-03T13:58:30","modified_gmt":"2025-01-03T08:28:30","slug":"cve-2024-47836-html-injection-vulnerability-in-admidio-user-management","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/vulnerability\/cve-2024-47836-html-injection-vulnerability-in-admidio-user-management\/","title":{"rendered":"CVE-2024-47836: HTML Injection Vulnerability in Admidio User Management"},"content":{"rendered":"<div class=\"gb-container gb-container-e43a8917\">\n\n<p class=\"wp-block-paragraph\"><strong>Product Name:<\/strong> Admidio\/admidio<br><strong>Vulnerability:<\/strong> HTML Injection<br><strong>Vulnerable Version:<\/strong> v4.3.11<br><strong>CVE:<\/strong> CVE-2024-47836<\/p>\n\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">On October 9, 2024, the security researchers at Astra Security found an HTML injection vulnerability in the messages section of the Admidio User Management solution. 
The vulnerability, assigned <strong>CVE-2024-47836<\/strong>, allows attackers to inject arbitrary HTML content into the application, which could manipulate webpage behavior, mislead users, and act as a precursor to further attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CVE-2024-47836_Technical_Breakdown\"><\/span><strong>CVE-2024-47836: Technical Breakdown<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How Was It Discovered?<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Astra researchers tested Admidio for security vulnerabilities and discovered that user input in the messages section was improperly sanitized, allowing the injection of untrusted HTML tags.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How To Recreate This Vulnerability?<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Insert the following payload in the message section:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Testing&lt;br>&lt;h1>HTML&lt;\/h1>&lt;br>&lt;h2>Injection&lt;\/h2><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Upon submission, the untrusted HTML tags are reflected as rendered HTML on the application\u2019s front end instead of being displayed as literal text.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Impact_of_HTML_Injection\"><\/span><strong>Impact of HTML Injection<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Data Theft &amp; Session Hijacking<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Sensitive data like cookies, session tokens, and user credentials can be stolen; leveraging this vulnerability allows attackers to hijack active sessions and gain unauthorized access to user accounts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Phishing Attacks<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers can use the HTML Injection vulnerability to insert fake 
login forms, contact forms, or questionnaires to extract sensitive user information and use it to their advantage for further exploitation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Website Defacement<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers can make malicious modifications to the website content that impact the appearance and trust of the website. They can also inject advertisements on the web pages and disrupt the user experience.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Current_Status_and_Mitigation\"><\/span><strong>Current Status and Mitigation<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">After discovering the vulnerability, the Admidio team was promptly notified, and they acknowledged the vulnerability in the affected version v4.3.11. 
The issue was mitigated with a patch in v4.3.12, released by the team, which sanitizes the user input.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Can_You_Do\"><\/span><strong>What Can You Do?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Update any affected installation to the latest version of the <a href=\"https:\/\/github.com\/Admidio\/admidio\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Admidio User Management Software<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Product Name: Admidio\/admidio Vulnerability: HTML Injection Vulnerable Version: v4.3.11 CVE: CVE-2024-47836 On October 9, 2024, the security researchers at Astra Security found an HTML injection vulnerability in the messages section of the Admidio User Management solution. The vulnerability, assigned CVE-2024-47836, allows attackers to inject arbitrary HTML content into the application, which could manipulate webpage behavior, mislead users, and &#8230; <a title=\"CVE-2024-47836: HTML Injection Vulnerability in Admidio User Management\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/vulnerability\/cve-2024-47836-html-injection-vulnerability-in-admidio-user-management\/\" aria-label=\"Read more about CVE-2024-47836: HTML Injection Vulnerability in Admidio User Management\">Read 
more<\/a><\/p>\n","protected":false},"author":121,"featured_media":36793,"comment_status":"open","ping_status":"0","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[723],"tags":[],"class_list":["post-36792","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/36792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/121"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=36792"}],"version-history":[{"count":6,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/36792\/revisions"}],"predecessor-version":[{"id":36926,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/36792\/revisions\/36926"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/36793"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=36792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=36792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=36792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}