Platform: php
Component: admidio
Fixed in: 5.0.9
CVE-2026-34383 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Admidio, an open-source user management solution. The flaw lets an attacker, acting through the browser of an authenticated user, bypass CSRF token validation and server-side form validation in the inventory module's item_save endpoint. It affects versions of Admidio prior to 5.0.8 and can lead to unauthorized modification of inventory item data. A patch is available in version 5.0.8.
An attacker exploiting this CSRF vulnerability tricks an authenticated Admidio user (for example via a lure page that auto-submits a form) into unknowingly sending a POST request to the item_save endpoint. By setting the imported parameter to true, the attacker causes the endpoint to skip both the CSRF token check and the server-side form validation, so arbitrary inventory item data is saved without any checks. The direct consequence is data corruption or unwanted changes to inventory records; the wider impact depends on what the stored inventory data is used for and how sensitive it is. The attacker does not need an account of their own; only the victim must be logged in, and since the malicious request is easy to craft, the vulnerability deserves attention despite that requirement.
This vulnerability was publicly disclosed on 2026-03-31. There are currently no known public proof-of-concept exploits, but the request is simple enough that one could be written quickly. The vulnerability is not currently listed in the CISA KEV catalog. The relatively low CVSS score (4.3) reflects that the victim must be logged in and must be lured into triggering the request, but the potential impact still warrants prompt remediation.
Organizations running Admidio for user management, particularly those with custom inventory configurations or sensitive data stored in the inventory module, are at risk. Instances with many active users are more exposed, because every logged-in user who can be lured to an attacker-controlled page becomes a possible vector for the forged request.
• php: Examine Admidio logs for POST requests to /admidio/inventory/item_save.php with the imported=true parameter.
  grep 'imported=true' /var/log/apache2/access.log | grep '/admidio/inventory/item_save.php'
• generic web: Monitor access logs for requests to /admidio/inventory/item_save.php with the imported=true parameter.
  grep 'imported=true' /var/log/nginx/access.log | grep '/admidio/inventory/item_save.php'
Caveat: a standard access log records only the request line (method, path and query string), not the POST body. If the imported parameter is sent as a form field in the body, these greps will not see it; you then need body logging (a WAF audit log or application-level logging) to detect the pattern. Requests to item_save.php with an absent or cross-site Referer are the most suspicious.
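The detection bullets above reduce to a grep; the following Python script, added here as an example and not code from the advisory or the Admidio project, does the same check more precisely over lines in the Apache/nginx "combined" log format. It only flags POST requests, reads the imported flag from the parsed query string rather than matching the substring anywhere in the line, and grades each hit by its Referer header (absent, cross-site, or from your own host). The log lines are constructed sample data; the own-host list, the accepted values for imported ("true" and "1") and the reason strings are assumptions of this example, not behaviour documented for Admidio.

```python
import re
from urllib.parse import parse_qs, urlsplit

ITEM_SAVE_PATH = "/admidio/inventory/item_save.php"

# Hostname(s) your own Admidio instance is served on (assumption for this example).
OWN_HOSTS = ("club.example",)

# Constructed sample log lines in "combined" format (not real Admidio traffic):
#  1. POST with imported=true, Referer on a foreign host      -> cross-site, suspicious
#  2. GET with imported=true                                  -> not a save request, ignored
#  3. POST without the imported flag                          -> normal form save, ignored
#  4. POST with imported=TRUE and no Referer                  -> suspicious
#  5. POST with imported=true and Referer on our own host     -> flagged for review
SAMPLE_LOG = """\
203.0.113.5 - - [31/Mar/2026:10:12:01 +0000] "POST /admidio/inventory/item_save.php?imported=true HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"
203.0.113.5 - - [31/Mar/2026:10:12:02 +0000] "GET /admidio/inventory/item_save.php?imported=true HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Mar/2026:10:13:44 +0000] "POST /admidio/inventory/item_save.php HTTP/1.1" 302 0 "https://club.example/admidio/inventory/item_edit.php" "Mozilla/5.0"
198.51.100.7 - - [31/Mar/2026:10:14:10 +0000] "POST /admidio/inventory/item_save.php?imported=TRUE HTTP/1.1" 302 0 "-" "curl/8.0"
192.0.2.9 - - [31/Mar/2026:10:15:30 +0000] "POST /admidio/inventory/item_save.php?imported=true HTTP/1.1" 302 0 "https://club.example/admidio/inventory/import.php" "Mozilla/5.0"
"""

# ip ident user [timestamp] "METHOD target protocol" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def imported_flag_set(target):
    """True when the query string of the request target carries imported=true (or 1).

    Matching is case-insensitive; accepting "1" as well as "true" is an assumption
    of this example, since only "true" is named in the advisory.
    """
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return any(v.strip().lower() in ("true", "1") for v in qs.get("imported", []))


def classify(rec, own_hosts=OWN_HOSTS):
    """Return a reason string if the record matches the CVE-2026-34383 pattern, else None."""
    if rec["method"] != "POST":
        return None
    if urlsplit(rec["target"]).path != ITEM_SAVE_PATH:
        return None
    if not imported_flag_set(rec["target"]):
        return None
    ref = rec["referer"]
    if ref in ("", "-"):
        return "imported=true POST to item_save.php with no Referer"
    host = urlsplit(ref).hostname or ""
    if host not in own_hosts:
        return f"imported=true POST to item_save.php with cross-site Referer ({host})"
    return "imported=true POST to item_save.php from own site (review: legitimate import?)"


def scan(log_text, own_hosts=OWN_HOSTS):
    """Scan log text and return a list of {ip, ts, reason} dicts for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a combined-format line; skip rather than guess
        reason = classify(rec, own_hosts)
        if reason:
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]}  {hit["ip"]:<15}  {hit["reason"]}')
```

On real data, replace SAMPLE_LOG with the contents of your access log and OWN_HOSTS with the hostnames your instance is served on. As with the grep, the script sees only the query string; an imported flag sent in the POST body is invisible here, which is why the same check should also be run over any WAF or application log that records request bodies.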
Exploit status: no public proof-of-concept known; not listed in the CISA KEV catalog.
EPSS: 0.03% (8th percentile)
The primary mitigation for CVE-2026-34383 is to upgrade Admidio to version 5.0.8 or later without delay. If upgrading is not immediately feasible, consider temporary workarounds. A precise WAF rule for the item_save endpoint is hard to write without knowing which inventory fields are being manipulated, but blocking or alerting on requests to item_save.php that carry imported=true and arrive with a missing or cross-site Referer will catch the straightforward forged request. At code level, the only real workaround is to make the endpoint enforce the CSRF token check and form validation regardless of the imported flag, which amounts to applying the fix yourself. Review and restrict access to the inventory module to only the personnel who need it. Monitor Admidio logs for suspicious POST requests to the item_save endpoint, particularly those originating from unexpected sources. After upgrading, confirm the fix by submitting a POST request to item_save with imported=true but without a valid CSRF token and verifying that the request is rejected.
Update Admidio to version 5.0.8 or higher. This version corrects the CSRF vulnerability and the form validation bypass in the inventory module. The update ensures that requests are protected against CSRF attacks and that inventory data is validated correctly.
CVE-2026-34383 is a Cross-Site Request Forgery (CSRF) vulnerability in Admidio versions prior to 5.0.8, allowing authenticated users to bypass validation and modify inventory data.
You are affected if you are running an Admidio version earlier than 5.0.8. Check your version now and upgrade if necessary.
Upgrade Admidio to version 5.0.8 or later. Consider temporary workarounds like stricter input validation if immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the ease of exploitation suggests a potential for future attacks.
Refer to the official Admidio security advisory on their website or GitHub repository for the latest information and updates.