PT-2026-25864 · Admidio · Admidio

Restriction · Published 2026-03-16 · Updated 2026-05-07 · CVE-2026-32812

CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Admidio versions 5.0.0 through 5.0.6

Description: Admidio, an open-source user management solution, contains a flaw in the SSO Metadata API. The modules/sso/fetch_metadata.php endpoint accepts an arbitrary URL via the $_GET['url'] parameter and validates it only with PHP's FILTER_VALIDATE_URL, which accepts schemes such as file://, http://, ftp://, data:// and php://. An authenticated administrator can use this to read arbitrary local files through the file:// wrapper, reach internal services over http:// (Server-Side Request Forgery, SSRF), or retrieve cloud instance metadata; the complete response body is returned directly to the caller. The root cause is insufficient validation of the URL before it is passed to file_get_contents(): FILTER_VALIDATE_URL does not block dangerous schemes, and the file:// wrapper is always available regardless of the allow_url_fopen INI setting.

Recommendations: Versions prior to 5.0.7 are affected. Restrict the accepted URL scheme to https:// and block internal IP ranges. Fetch with cURL and restrict the allowed protocol explicitly to https://.
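The following is an added example, not Admidio's code, showing one way to implement the recommendations above in PHP: a validator that accepts only https:// URLs whose host resolves to public addresses, and a fetch routine that uses cURL with the protocol pinned to https://. All function names and the sample URLs are assumptions for illustration; the advisory itself names none of them. Pinning the checked addresses with CURLOPT_RESOLVE assumes a libcurl that accepts multiple addresses per entry (7.59 or later).

```php
<?php
declare(strict_types=1);

// Added example, not Admidio's code. Hardened replacement for the pattern the
// advisory describes (FILTER_VALIDATE_URL followed by file_get_contents() on a
// user-supplied URL). Function names are assumptions for illustration.

/**
 * True if $ip must never be a server-side fetch target: loopback, RFC 1918,
 * link-local (which covers the 169.254.0.0/16 cloud-metadata range), 0.0.0.0/8,
 * 240.0.0.0/4 and the IPv6 counterparts (::1, ::/128, ::ffff:0:0/96, fc00::/7,
 * fe80::/10). An unparseable string also counts as internal (fail closed).
 */
function isInternalAddress(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
}

/**
 * Validate a metadata URL: https:// only, no embedded credentials, and a host
 * whose every resolved address is public. Returns the resolved addresses
 * (empty for an IP-literal host) so the request can be pinned to them.
 *
 * @return string[]
 */
function validateMetadataUrl(string $url): array
{
    $parts = parse_url($url);
    if ($parts === false) {
        throw new InvalidArgumentException('malformed URL');
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'https') {
        throw new InvalidArgumentException("scheme '$scheme' not allowed, only https");
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new InvalidArgumentException('credentials in URL not allowed');
    }
    $host = trim($parts['host'] ?? '', '[]');   // IPv6 literals arrive bracketed
    if ($host === '') {
        throw new InvalidArgumentException('missing host');
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        if (isInternalAddress($host)) {
            throw new InvalidArgumentException("host $host is an internal address");
        }
        return [];
    }
    // Resolve A and AAAA records; every answer must be public, because an
    // attacker-controlled name can be pointed at an internal address.
    $ips = gethostbynamel($host) ?: [];
    foreach (dns_get_record($host, DNS_AAAA) ?: [] as $rec) {
        $ips[] = $rec['ipv6'];
    }
    if ($ips === []) {
        throw new InvalidArgumentException("host $host does not resolve");
    }
    foreach ($ips as $ip) {
        if (isInternalAddress($ip)) {
            throw new InvalidArgumentException("host $host resolves to internal address $ip");
        }
    }
    return $ips;
}

/**
 * Fetch with cURL locked to https:// (no file://, ftp://, gopher:// ...),
 * redirects disabled (a redirect could point back at an internal address),
 * TLS verification on, timeouts set, and the connection pinned to the
 * addresses that were checked so a changed DNS answer cannot bypass the check.
 */
function fetchMetadata(string $url): string
{
    $ips  = validateMetadataUrl($url);
    $host = trim((string) parse_url($url, PHP_URL_HOST), '[]');
    $port = parse_url($url, PHP_URL_PORT) ?? 443;
    $opts = [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false,
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
        CURLOPT_MAXFILESIZE     => 1048576,   // honoured when Content-Length is sent
    ];
    if ($ips !== []) {
        $opts[CURLOPT_RESOLVE] = ["$host:$port:" . implode(',', $ips)];
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    $body   = curl_exec($ch);
    $error  = curl_error($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException("fetch failed: $error");
    }
    if ($status !== 200) {
        throw new RuntimeException("unexpected HTTP status $status");
    }
    return $body;
}

// Constructed inputs: the first three are rejected before any request is made;
// the last (an assumed public IdP hostname) is accepted only if it resolves publicly.
foreach (['file:///etc/hostname', 'https://127.0.0.1/metadata.xml',
          'https://169.254.169.254/', 'https://idp.example.org/metadata.xml'] as $candidate) {
    try {
        validateMetadataUrl($candidate);
        echo "accepted: $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $candidate ({$e->getMessage()})\n";
    }
}
```

The scheme check runs before anything touches the network, so file://, data:// and php:// inputs never reach a PHP stream wrapper; the IP range check is applied both to literal hosts and to every DNS answer, and the same answers are handed to cURL so the validated addresses are the ones actually connected to.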

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers
CVE-2026-32812
GHSA-6J68-GCC3-MQ73

Affected Products
Admidio