9 matches found
CVE-2026-32755
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
Admidio 跨站请求伪造漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier had a cross-site request forgeing vulnerability. This...
GHSA-H8GR-QWR6-M9GX Admidio is Missing CSRF Protection on Role Membership Date Changes
Summary The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that...
PT-2026-25853
Summary The save membership action in modules/profile/profile function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop membership and remove former membership against the CSRF token but omits save membership from th...
Admidio is Missing CSRF Protection on Role Membership Date Changes
The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that check...
CVE-2025-4362
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=savemembership. The manipulation of the argument memberid leads to sql injection. The attack can be initiated remotely. The exploit has...