CVE-2026-34382

Medium CVSS: 4.6

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations — including organization-wide shared lists when the victim holds administrator rights. This issue has been patched in version 5.0.8.

Vendor

Admidio

Product

Admidio

CWE

CWE-352

Yayın Tarihi

2026-03-31 21:16:30

Güncelleme

2026-04-01 18:25:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-352 Admidio MEDIUM Admidio 2026

Referanslar

https://github.com/Admidio/admidio/commit/317ec91ad3baf19d4179db6c32413812eb36d7ca https://github.com/Admidio/admidio/security/advisories/GHSA-g3mx-8jm6-rc85

Benzer Kayıtlar

High

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my…

Medium

CVE-2026-34383

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint ac…

Medium

CVE-2026-34384

Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_u…

Medium

CVE-2026-32812

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO M…

High

CVE-2026-32813

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection t…

Critical

CVE-2026-32817

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does…