CVE-2026-34383 in admidio
Summary (English)
Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's `item_save` endpoint accepts a user-controllable POST parameter `imported` that, when set to `true`, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data without CSRF protection and without the field value checks that the FormPresenter validation normally enforces. This issue has been patched in version 5.0.8.
Responsible
GitHub_M
Reserved
2026-03-27
Disclosure
2026-04-01
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354517 | admidio Inventory item_save cross-site request forgery | 352 | Not defined | Official fix | CVE-2026-34383 |