
4 matches found

CVE
added 2026/05/07 3:0 a.m. | 4 views

CVE-2026-41663

Admidio has a CSRF flaw (CVE-2026-41663) affecting versions prior to 5.0.9. The vulnerability lies in the preferences module where backup, test_email, and htaccess operations are executed via GET requests without CSRF validation, allowing exploitation via SameSite=Lax cookies to trigger actions o...

CVSS 3.5 | AI score 5.7 | EPSS 0.00005
Exploits: 0 | References: 2
Cvelist
added 2026/05/07 3:0 a.m. | 26 views

CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

CVSS 3.5 | EPSS 0.00005
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/07 3:0 a.m. | 2 views

CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

CVSS 3.5 | AI score 5.7 | EPSS 0.00005
Exploits: 0 | References: 2
CNNVD
added 2024/07/09 12:0 a.m. | 1 views

PHPVibe Security Vulnerability

PHPVibe is a free video management system from PHPVibe, Inc. A security vulnerability exists in PHPVibe version 11.0.46. It stems from code execution achieved by writing specific statements to .htaccess and writing code to a file with a .png extension, due to incomplete blacklist checksums and...

CVSS 9.8 | AI score 7.5 | EPSS 0.00958
Exploits: 1 | References: 3