Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php
Vulnerability Description
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations — including organization-wide shared lists when the victim holds administrator rights. This issue has been patched in version 5.0.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Admidio 跨站请求伪造漏洞
Vulnerability Description
Admidio是Admidio团队的一套开源的成员管理系统。该系统支持成员列表、事件管理、留言簿、相册和下载等功能。 Admidio 5.0.0至5.0.8之前版本存在跨站请求伪造漏洞,该漏洞源于删除模式处理程序未验证CSRF令牌,可能导致跨站请求伪造攻击并删除列表配置。
CVSS Information
N/A
Vulnerability Type
N/A