CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

Admidio is Missing CSRF Protection on Role Membership Date Changes

The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that check...

CVE-2021-40098

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...

CVE-2021-40098

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...

Path traversal

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...

CVE-2021-40098

Concrete CMS up to 8.5.5 contains a path traversal vulnerability that can lead to remote code execution via an external form by adding a regular expression. Multiple connected sources describe the issue as a path traversal enabling RCE, affecting Concrete CMS versions 8.5.5 and earlier. The root ...

CVE-2021-40098

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...