CVE-2026-32756 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 20, 2026
Admidio - Unrestricted File Upload
Published: March 20, 2026 | Updated: March 20, 2026 | Remote Exploitable
Overview
Admidio <= 5.0.6 contains an unrestricted file upload vulnerability caused by flawed CSRF token validation and file extension checks in UploadHandlerFile.php. Authenticated users with upload permissions can upload arbitrary files, including PHP scripts. Exploitation requires valid upload permissions and the intentional submission of an invalid CSRF token.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated users can upload arbitrary files, potentially leading to remote code execution and full server compromise.
Mitigation
Upgrade to version 5.0.7 or later.
Details
- CVE ID: CVE-2026-32756
- Severity: High
- CVSS Score: 8.8
- Type: unrestricted_file_upload
- Status: new
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H