2 matches found
CVE-2026-34382
Admidio (open-source user management) has a CSRF protection issue in the delete mode handler of mylist_function.php. From version 5.0.0 up to 5.0.7, deleting list configurations could occur without validating a CSRF token, allowing an authenticated user’s page to silently destroy their own list c...
CVE-2026-34382 Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently...