4 matches found
CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions
Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...
CVE-2026-34382 Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently...
PT-2024-35909 · Unknown · Andy Moyle Church Admin
Name of the Vulnerable Software and Affected Versions: Andy Moyle Church Admin versions 5.0.8 and earlier
Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs.
Recommendations: For versions 5.0.8 and...
File upload vulnerability in FineCMS latest version v5.0.8
FineCMS is a content management system based on PHP+MySQL. A file upload vulnerability exists in the ajaxupload function in Api.php in FineCMS version 5.0.8, which can be exploited by remote attackers to upload arbitrary files...