CVE-2026-34383

Medium CVSS: 4.3

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data without CSRF protection and without the field value checks that the FormPresenter validation normally enforces. This issue has been patched in version 5.0.8.

Vendor

Admidio

Product

Admidio

CWE

CWE-20

Yayın Tarihi

2026-03-31 21:16:30

Güncelleme

2026-04-01 18:28:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Admidio MEDIUM Admidio 2026

Referanslar

https://github.com/Admidio/admidio/commit/00494b95dfe847af8b938e4397e5d909d8f36839 https://github.com/Admidio/admidio/security/advisories/GHSA-4rwm-c5mj-wh7x

Benzer Kayıtlar

High

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my…

Medium

CVE-2026-34382

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler…

Medium

CVE-2026-34384

Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_u…

Medium

CVE-2026-32812

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO M…

High

CVE-2026-32813

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection t…

Critical

CVE-2026-32817

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does…