top of page
perceptive_background_267k.jpg

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP acc…

Published:

30 maart 2026 om 22:00:00

Alert date:

31 maart 2026 om 22:03:20

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Identity & Access

Admidio open-source user management solution versions 5.0.0 to 5.0.7 contain an authentication bypass vulnerability in Docker deployments. The Apache configuration ignores .htaccess files that protect uploaded documents, allowing unauthenticated access to any uploaded file. File paths are exposed in upload response JSON, making exploitation straightforward. This affects the documents module and bypasses all role-based permissions configured in the UI. The vulnerability has been patched in version 5.0.8.

Technical details

Mitigation steps:

Affected products:

Admidio

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-34381
https://github.com/Admidio/admidio/commit/5f770c1ca81a4f6b02136280cd63316a35aabaaf
https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page