11 matches found
CVE-2026-32755
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755
CVE-2026-32755 affects Admidio 5.0.6 and earlier. The save_membership action in modules/profile/profile_function.php does not validate the CSRF token, while stop_membership and remove_former_membership do. This allows an attacker to craft a hidden POST form to update a member’s membership start/e...
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
GHSA-H8GR-QWR6-M9GX Admidio is Missing CSRF Protection on Role Membership Date Changes
Summary The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that...
Admidio is Missing CSRF Protection on Role Membership Date Changes
Summary The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that...
Cross-site Request Forgery (CSRF)
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the savemembership process. An attacker can alter membership start and end dates for any member of...
PT-2026-25853
Summary The save membership action in modules/profile/profile function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop membership and remove former membership against the CSRF token but omits save membership from th...