CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Vulnrichment•added 2026/03/19 10:57 p.m.•1 views

CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...

5.7CVSS5.8AI score0.00022EPSS

Exploits1References2

CVE•added 2026/03/19 10:57 p.m.•4 views

CVE-2026-32816

CVE-2026-32816 affects Admidio 5.0.0–5.0.6 where delete, activate, and deactivate for groups_roles.php do not validate CSRF tokens. The client sends a CSRF token via adm_csrf_token, but server handlers ignore it for these modes, enabling a forged request to permanently delete roles and cascade re...

5.7CVSS5.8AI score0.00022EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/19 10:57 p.m.•1 views

CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

5.7CVSS5.8AI score0.00022EPSS

Exploits1References4

Cvelist•added 2026/03/19 10:57 p.m.•19 views

CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

5.7CVSS0.00022EPSS

Exploits1References2

OSV•added 2026/03/16 9:17 p.m.•1 views

GHSA-WWG8-6FFR-H4Q2 Admidio is Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Summary The delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF token to callUrlHideElement, which includes it in the POST body, but the...

5.7CVSS6AI score0.00022EPSS

Exploits1References4

Github Security Blog•added 2026/03/16 9:17 p.m.•3 views

Admidio is Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

5.7CVSS6AI score0.00022EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by