CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Github Security Blog•added 2026/03/31 11:11 p.m.•3 views

Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Summary The inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data...

4.3CVSS6AI score0.0001EPSS

Exploits1References4Affected Software1

OSV•added 2026/03/31 11:11 p.m.•2 views

GHSA-4RWM-C5MJ-WH7X Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

4.3CVSS6AI score0.0001EPSS

Exploits1References4

Snyk•added 2026/03/31 11:11 p.m.•1 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the itemsave process when the imported parameter is set to true. An attacker can bypass both CSRF...

5.3CVSS5.9AI score0.0001EPSS

Exploits1References2

Cvelist•added 2026/03/31 8:33 p.m.•23 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

4.3CVSS0.0001EPSS

Exploits1References2

Vulnrichment•added 2026/03/31 8:33 p.m.•2 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

4.3CVSS6AI score0.0001EPSS

Exploits1References2

CVE•added 2026/03/31 8:33 p.m.•1 views

CVE-2026-34383

Affected product: Admidio open-source user management. Vulnerability: In versions before 5.0.8, the inventory module’s item_save endpoint accepts a user-controllable POST parameter named “imported” that, when true, bypasses both CSRF validation and server-side form validation. An authenticated us...

4.3CVSS5.9AI score0.0001EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/31 8:33 p.m.•0 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

4.3CVSS5.9AI score0.0001EPSS

Exploits1References4

Positive Technologies•added 2026/03/31 12:0 a.m.•0 views

PT-2026-29350

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.8 Description The inventory module's item save endpoint is susceptible to a bypass of both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save...

4.3CVSS6.1AI score0.0001EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by