Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.2 views

CVE-2026-34384

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

7.3CVSS5.8AI score0.00169EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/31 11:11 p.m.7 views

Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

7.3CVSS6AI score0.00169EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:11 p.m.3 views

GHSA-PH84-R98X-2J22 Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

4.5CVSS6AI score0.00169EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/31 11:11 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the approval process for pending user registrations in modules/registration.php when handling the...

7.3CVSS5.9AI score0.00169EPSS
Exploits1References2
NVD
NVD
added 2026/03/31 9:16 p.m.8 views

CVE-2026-34384

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

7.3CVSS0.00169EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 8:34 p.m.2 views

CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

4.5CVSS5.8AI score0.00169EPSS
Exploits1References2
OSV
OSV
added 2026/03/31 8:34 p.m.6 views

CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

4.5CVSS5.8AI score0.00169EPSS
Exploits1References4
Rows per page
Query Builder