7 matches found
CVE-2026-34384
Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...
Admidio has Missing CSRF Protection on Registration Approval Actions
Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...
GHSA-PH84-R98X-2J22 Admidio has Missing CSRF Protection on Registration Approval Actions
Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...
Cross-site Request Forgery (CSRF)
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the approval process for pending user registrations in modules/registration.php when handling the...
CVE-2026-34384
Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...
CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions
Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...
CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions
Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...