CVE-2026-32812

{"id": "CVE-2026-32812", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2026-03-20T02:16:35.043", "references": [{"url": "https://github.com/Admidio/admidio/commit/f6b7a966abe4d75e9f707d665d7b4b5570e3185a", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-6j68-gcc3-mq73", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-6j68-gcc3-mq73", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endpoint at modules/sso/fetch_metadata.php accepts an arbitrary URL via $_GET['url'], validates it only with PHP's FILTER_VALIDATE_URL, and passes it directly to file_get_contents(). FILTER_VALIDATE_URL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An authenticated administrator can use this endpoint to read arbitrary local files via the file:// wrapper (Local File Read), reach internal services via http:// (SSRF), or fetch cloud instance metadata. The full response body is returned verbatim to the caller. This issue has been fixed in version 5.0.7."}, {"lang": "es", "value": "Admidio es una soluci\u00f3n de gesti\u00f3n de usuarios de c\u00f3digo abierto. En las versiones 5.0.0 a 5.0.6, la obtenci\u00f3n de URL sin restricciones en la API de metadatos de SSO puede resultar en SSRF y lecturas de archivos locales. El endpoint de obtenci\u00f3n de metadatos de SSO en modules/sso/fetch_metadata.php acepta una URL arbitraria a trav\u00e9s de $_GET['url'], la valida solo con FILTER_VALIDATE_URL de PHP y la pasa directamente a file_get_contents(). FILTER_VALIDATE_URL acepta URIs con esquemas file://, http://, ftp://, data:// y php://. Un administrador autenticado puede usar este endpoint para leer archivos locales arbitrarios a trav\u00e9s del wrapper file:// (Lectura de Archivo Local), alcanzar servicios internos a trav\u00e9s de http:// (SSRF) u obtener metadatos de instancias en la nube. El cuerpo completo de la respuesta se devuelve textualmente al llamador. Este problema ha sido solucionado en la versi\u00f3n 5.0.7."}], "lastModified": "2026-03-23T15:24:40.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4020E2FE-8E51-405F-86CB-DAAFBA7FD9B3", "versionEndExcluding": "5.0.7", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}