FKIE_CVE-2026-32756
Vulnerability from fkie_nvd - Published: 2026-03-20 00:16 - Updated: 2026-03-23 16:51
Severity: HIGH (CVSS v3.1 base score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Summary
Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file extension restrictions by intentionally submitting an invalid CSRF token. This allows the upload of arbitrary file types, including PHP scripts, which may lead to Remote Code Execution on the server, resulting in full server compromise, data exfiltration, and lateral movement. This issue has been fixed in version 5.0.7.
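The summary describes the flaw as an interaction between the CSRF check and the extension check rather than a missing check: with a valid token the extension restriction holds, with a deliberately broken token it does not. The script below is an added illustration written for this page; it is not Admidio's code and does not reproduce the control flow of UploadHandlerFile.php. It shows one common way such an interaction arises (a validation failure that is recorded but does not abort processing, placed before the check it was supposed to gate) beside a fail-closed structure. The function names, the allowlist, the session token and the request arrays are all constructed for the example, and the double-extension check in the hardened handler goes beyond what the advisory describes.

```php
<?php
// Added illustration (not Admidio's code): how a CSRF check and an extension
// check can be wired so that an invalid CSRF token skips the extension check,
// next to a fail-closed version. All names and data here are hypothetical.
declare(strict_types=1);

const ALLOWED_EXTENSIONS = ['pdf', 'png', 'jpg', 'jpeg', 'txt', 'docx'];
// Segments that must never appear anywhere in a stored name: "shell.php.pdf"
// is still executed by some Apache/mod_php configurations.
const SCRIPT_SEGMENTS = ['php', 'php3', 'php5', 'php7', 'phtml', 'phar'];

function extensionAllowed(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

// Vulnerable pattern (hypothetical): the CSRF failure throws, the catch block
// only records the message, and the extension check that sits after the CSRF
// check is never reached, so the file is stored anyway.
function handleUploadVulnerable(array $request, string $sessionToken): array
{
    $errors = [];
    try {
        if (!hash_equals($sessionToken, (string)($request['csrf_token'] ?? ''))) {
            throw new RuntimeException('invalid CSRF token');
        }
        // Only reached with a valid token: the single place the extension is checked.
        if (!extensionAllowed((string)$request['filename'])) {
            return ['stored' => false, 'name' => null, 'errors' => ['file type not allowed']];
        }
    } catch (RuntimeException $e) {
        $errors[] = $e->getMessage();   // shown to the user, but nothing aborts the upload
    }
    return ['stored' => true, 'name' => $request['filename'], 'errors' => $errors];
}

// Hardened pattern: every check fails closed on its own, the extension check
// does not depend on the CSRF outcome, and the stored name is generated
// server-side instead of taken from the client.
function handleUploadHardened(array $request, string $sessionToken): array
{
    if (!hash_equals($sessionToken, (string)($request['csrf_token'] ?? ''))) {
        return ['stored' => false, 'name' => null, 'errors' => ['invalid CSRF token']];
    }
    $segments = explode('.', strtolower((string)$request['filename']));
    $ext = end($segments);
    if (count($segments) < 2 || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return ['stored' => false, 'name' => null, 'errors' => ['file type not allowed']];
    }
    if (array_intersect($segments, SCRIPT_SEGMENTS) !== []) {
        return ['stored' => false, 'name' => null, 'errors' => ['script extension in name']];
    }
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;   // original name kept in metadata, not on disk
    return ['stored' => true, 'name' => $stored, 'errors' => []];
}

// Constructed scenarios: an attacker with upload permission sending a PHP file
// with a valid token, then with a deliberately broken token, a double-extension
// name, and an ordinary document for comparison.
$session = 'c0ffee';
$scenarios = [
    ['csrf_token' => 'c0ffee', 'filename' => 'shell.php'],
    ['csrf_token' => 'bogus',  'filename' => 'shell.php'],
    ['csrf_token' => 'c0ffee', 'filename' => 'shell.php.pdf'],
    ['csrf_token' => 'c0ffee', 'filename' => 'minutes.pdf'],
];
foreach ($scenarios as $req) {
    $v = handleUploadVulnerable($req, $session);
    $h = handleUploadHardened($req, $session);
    printf("%-14s token=%-7s vulnerable: stored=%-5s (%s) | hardened: stored=%-5s (%s)\n",
        $req['filename'], $req['csrf_token'],
        var_export($v['stored'], true), implode(',', $v['errors']) ?: 'ok',
        var_export($h['stored'], true), implode(',', $h['errors']) ?: 'ok');
}
```

Run it with `php` from the command line. In the vulnerable handler the second request (broken token, `shell.php`) comes back `stored=true` with only an "invalid CSRF token" message attached, which is the behaviour the summary describes; the third shows that a last-extension check alone still accepts `shell.php.pdf`. Validation is only one layer: the directory that receives Documents & Files uploads should also be served with script execution disabled or kept outside the web root, so that a stored `.php` file cannot be reached as code even if a future validation bug lets it through.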
References
| Source | URL | Tags |
|---|---|---|
| security-advisories@github.com | https://github.com/Admidio/admidio/releases/tag/v5.0.7 | Patch, Product |
| security-advisories@github.com | https://github.com/Admidio/admidio/security/advisories/GHSA-95cq-p4w2-32w5 | Exploit, Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3347E657-D132-4D87-A355-391136657A27",
"versionEndExcluding": "5.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents \u0026 Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file extension restrictions by intentionally submitting an invalid CSRF token. This allows the upload of arbitrary file types, including PHP scripts, which may lead to Remote Code Execution on the server, resulting in full server compromise, data exfiltration, and lateral movement. This issue has been fixed in version 5.0.7."
},
{
"lang": "es",
"value": "Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file extension restrictions by intentionally submitting an invalid CSRF token. This allows the upload of arbitrary file types, including PHP scripts, which may lead to Remote Code Execution on the server, resulting in full server compromise, data exfiltration, and lateral movement. This issue has been fixed in version 5.0.7."
}
],
"id": "CVE-2026-32756",
"lastModified": "2026-03-23T16:51:44.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-20T00:16:16.763",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Product"
],
"url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-95cq-p4w2-32w5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.