A vulnerability, which was classified as critical, has been found in admidio up to 4.3.8. Affected by this issue is some unknown functionality of the file /adm_program/modules/ecards/ecard_send.php. The manipulation of the argument ecard_recipients leads to sql injection.

This vulnerability is handled as CVE-2024-37906. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.