Vulnerability Description
Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data without CSRF protection and without the field value checks that the FormPresenter validation normally enforces. This issue has been patched in version 5.0.8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Admidio | Admidio | < 5.0.8 |
Related Weaknesses (CWE)
References
- https://github.com/Admidio/admidio/commit/00494b95dfe847af8b938e4397e5d909d8f368Patch
- https://github.com/Admidio/admidio/security/advisories/GHSA-4rwm-c5mj-wh7xExploitMitigationVendor Advisory
FAQ
What is CVE-2026-34383?
CVE-2026-34383 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set to true, comple...
How severe is CVE-2026-34383?
CVE-2026-34383 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34383?
Check the references section above for vendor advisories and patch information. Affected products include: Admidio Admidio.