CVE-2026-34382

| EUVD-2026-17624 MEDIUM
2026-03-31 GitHub_M GHSA-g3mx-8jm6-rc85
4.6
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch Released
Apr 01, 2026 - 02:30 nvd
Patch available
EUVD ID Assigned
Mar 31, 2026 - 21:14 euvd
EUVD-2026-17624
Analysis Generated
Mar 31, 2026 - 21:14 vuln.today
CVE Published
Mar 31, 2026 - 20:32 nvd
MEDIUM 4.6

Tags

PHP CSRF

Description

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations - including organization-wide shared lists when the victim holds administrator rights. This issue has been patched in version 5.0.8.

Analysis

Admidio 5.0.0 through 5.0.7 allows authenticated users to permanently delete list configurations via CSRF attacks in the mylist_function.php delete handler, lacking CSRF token validation. An attacker can craft a malicious page to silently destroy a victim's shared list configurations, including organization-wide lists if the victim holds administrator rights. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

23
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +23
POC: 0

Share

CVE-2026-34382 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy