CVE-2026-34384 - Vulnerability Analysis
MediumCVSS: 4.5Last Updated: April 1, 2026
Admidio - Cross-Site Request Forgery
Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable
Overview
Admidio < 5.0.8 contains a cross-site request forgery caused by missing CSRF token validation in create_user, assign_member, and assign_user actions in modules/registration.php, letting attackers bypass manual user registration approval, exploit requires victim with rol_approve_users right to visit crafted URL.
Severity & Score
Severity: Medium
CVSS Score: 4.5
Impact
Attackers can bypass manual user registration approval, allowing unauthorized user registrations to be approved automatically.
Mitigation
Update to version 5.0.8 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-34384
- Severity
- Medium
- CVSS Score
- 4.5
- Type
- cross_site_request_forgery
- Status
- confirmed
CWE
- CWE-352
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N