Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/04/29 9:47 p.m.7 views

Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

Summary The member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible checks,...

2.7CVSS5.9AI score0.00258EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/19 11:16 p.m.8 views

CVE-2026-32755

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

5.7CVSS0.00149EPSS
Exploits1References2
OSV
OSV
added 2026/03/19 10:53 p.m.5 views

CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

5.7CVSS5.8AI score0.00149EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/19 10:53 p.m.22 views

CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

5.7CVSS0.00149EPSS
Exploits1References2
Rows per page
Query Builder