CVE-2026-32756

Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file extension restrictions by intentionally submitting an invalid CSRF token. This allows the upload of arbitrary file types, including PHP scripts, which may lead to Remote Code Execution on the server, resulting in full server compromise, data exfiltration, and lateral movement. This issue has been fixed in version 5.0.7.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Admidio/admidio/releases/tag/v5.0.7	Patch Product
https://github.com/Admidio/admidio/security/advisories/GHSA-95cq-p4w2-32w5	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-20 00:16

Updated : 2026-03-23 16:51

NVD link : CVE-2026-32756

Mitre link : CVE-2026-32756

CVE.ORG link : CVE-2026-32756

JSON object : View

Products Affected

admidio

admidio

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2026-32756", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-03-20T00:16:16.763", "references": [{"url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7", "tags": ["Patch", "Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-95cq-p4w2-32w5", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file extension restrictions by intentionally submitting an invalid CSRF token. This allows the upload of arbitrary file types, including PHP scripts, which may lead to Remote Code Execution on the server, resulting in full server compromise, data exfiltration, and lateral movement. This issue has been fixed in version 5.0.7."}, {"lang": "es", "value": "Admidio es una soluci\u00f3n de gesti\u00f3n de usuarios de c\u00f3digo abierto. Las versiones 5.0.6 e inferiores contienen una cr\u00edtica vulnerabilidad de carga de archivos sin restricciones en el m\u00f3dulo Documentos y Archivos. Debido a un fallo de dise\u00f1o en c\u00f3mo la validaci\u00f3n del token CSRF y la verificaci\u00f3n de la extensi\u00f3n de archivo interact\u00faan dentro de UploadHandlerFile.php, un usuario autenticado con permisos de carga puede eludir las restricciones de extensi\u00f3n de archivo al enviar intencionadamente un token CSRF no v\u00e1lido. Esto permite la carga de tipos de archivo arbitrarios, incluyendo scripts PHP, lo que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo en el servidor, resultando en un compromiso total del servidor, exfiltraci\u00f3n de datos y movimiento lateral. Este problema ha sido solucionado en la versi\u00f3n 5.0.7."}], "lastModified": "2026-03-23T16:51:44.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3347E657-D132-4D87-A355-391136657A27", "versionEndExcluding": "5.0.7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}