PT-2026-29351 · Admidio · Admidio

Offset · Published 2026-03-31 · Updated 2026-04-01 · CVE-2026-34384

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.8
Description: Admidio, a user management solution, allows attackers to bypass manual registration approval and potentially take over accounts. The create_user, assign_member, and assign_user action modes in modules/registration.php approve pending user registrations via GET requests without validating a CSRF token. An attacker who has submitted a pending registration can extract their user UUID from the URL in the registration confirmation email and trick a user holding the rol_approve_users right into visiting a crafted URL, which approves the registration automatically. The assign_user mode additionally allows account takeover if the attacker knows the UUID of an existing member. The vulnerability stems from the lack of CSRF protection in these approval modes, in contrast to the delete_user mode, which is protected. The vulnerable parameters are user_uuid and user_uuid_assigned, both read from the $_GET array. The acceptRegistration() and assignRegistration() functions perform the approval.
Recommendations: Versions prior to 5.0.8: add SecurityUtils::validateCsrfToken($_POST["adm_csrf_token"]) at the beginning of each approval action in modules/registration.php, consistent with how delete_user is already protected. Additionally, convert the approval action URLs from GET-based links to POST-form buttons that carry the CSRF token in a hidden field.
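As an added example (not Admidio's own code), the following PHP models the unprotected GET-based approval dispatch described above beside the protected form the recommendation calls for. The mode names (create_user, assign_member, assign_user), the parameters user_uuid and user_uuid_assigned and the adm_csrf_token field are taken from this advisory; issueCsrfToken(), validateCsrfToken(), approveVulnerable(), approveHardened(), renderApproveForm(), the session array and the sample UUID are assumptions of this example standing in for Admidio's SecurityUtils and registration code.

```php
<?php
// Added example, not Admidio code. Mode, parameter and token-field names come
// from the advisory; every function below is a stand-in written for this page.
declare(strict_types=1);

// Stand-in for the server-side session ($_SESSION in a real deployment).
function issueCsrfToken(array &$session): string
{
    if (empty($session['adm_csrf_token'])) {
        $session['adm_csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['adm_csrf_token'];
}

// Constant-time check of the submitted token against the approver's session.
function validateCsrfToken(array $session, ?string $submitted): void
{
    if ($submitted === null || empty($session['adm_csrf_token'])
        || !hash_equals($session['adm_csrf_token'], $submitted)) {
        throw new RuntimeException('Invalid CSRF token');
    }
}

// Vulnerable shape (before 5.0.8): a state-changing approval runs on a plain
// GET and nothing ties the request to the approver's session, so any page the
// approver happens to load can issue it on their behalf.
function approveVulnerable(array $get, callable $accept, callable $assign): string
{
    $uuid = $get['user_uuid'] ?? '';
    switch ($get['mode'] ?? '') {
        case 'create_user':
        case 'assign_member':
            $accept($uuid);
            return "accepted $uuid";
        case 'assign_user':
            $assign($uuid, $get['user_uuid_assigned'] ?? '');
            return "assigned $uuid";
        default:
            return 'unknown mode';
    }
}

// Hardened shape: require POST and validate the per-session token before any
// approval mode is dispatched, mirroring the protection delete_user already has.
function approveHardened(string $method, array $post, array $session,
                         callable $accept, callable $assign): string
{
    if ($method !== 'POST') {
        throw new RuntimeException('Approval requires POST');
    }
    validateCsrfToken($session, $post['adm_csrf_token'] ?? null);
    $uuid = $post['user_uuid'] ?? '';
    switch ($post['mode'] ?? '') {
        case 'create_user':
        case 'assign_member':
            $accept($uuid);
            return "accepted $uuid";
        case 'assign_user':
            $assign($uuid, $post['user_uuid_assigned'] ?? '');
            return "assigned $uuid";
        default:
            return 'unknown mode';
    }
}

// The approval link becomes a form button with the token in a hidden field.
function renderApproveForm(string $mode, string $uuid, string $token): string
{
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="modules/registration.php">'
        . '<input type="hidden" name="mode" value="' . $e($mode) . '">'
        . '<input type="hidden" name="user_uuid" value="' . $e($uuid) . '">'
        . '<input type="hidden" name="adm_csrf_token" value="' . $e($token) . '">'
        . '<button type="submit">Approve</button></form>';
}

// Demonstration on constructed data: the approver's session, a request that
// arrives without a token (the cross-site case), then a legitimate submission.
$session = [];
$token   = issueCsrfToken($session);
$accept  = static fn(string $u) => print("acceptRegistration($u)\n");
$assign  = static fn(string $u, string $a) => print("assignRegistration($u, $a)\n");

$crafted = ['mode' => 'create_user', 'user_uuid' => 'constructed-pending-uuid'];
echo approveVulnerable($crafted, $accept, $assign), "\n";   // goes through unchecked

try {
    approveHardened('POST', $crafted, $session, $accept, $assign);
} catch (RuntimeException $ex) {
    echo 'rejected: ', $ex->getMessage(), "\n";             // same request is refused
}

$legit = $crafted + ['adm_csrf_token' => $token];          // token from the approver's own page
echo approveHardened('POST', $legit, $session, $accept, $assign), "\n";
echo renderApproveForm('create_user', 'constructed-pending-uuid', $token), "\n";
```

The token check runs before the mode switch so that no approval path can be reached without it; placing it inside individual cases is what left create_user, assign_member and assign_user unprotected while delete_user was covered.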

Exploit · Fix

Weakness Enumeration: CSRF

Related Identifiers:
CVE-2026-34384
GHSA-PH84-R98X-2J22

Affected Products:
Admidio