GHSA-wwg8-6ffr-h4q2: Cross-Site Request Forgery in Admidio Role Management



Source: dev.to

Vulnerability ID: GHSA-WWG8-6FFR-H4Q2
CVSS Score: 5.7
Published: 2026-03-16

Admidio versions 5.0.0 through 5.0.6 contain a Cross-Site Request Forgery (CSRF) vulnerability in the organizational role management module. The application fails to validate anti-CSRF tokens for state-changing operations, including role deletion, activation, and deactivation. An attacker can leverage this flaw to perform unauthorized actions by tricking a privileged user into executing a malicious request.

TL;DR

A missing CSRF validation check in Admidio's role management module allows attackers to permanently delete or modify organizational roles by tricking authenticated administrators into clicking a malicious link.

⚠️ Exploit Status: POC

Technical Details

Vulnerability Type: Cross-Site Request Forgery (CSRF)
CWE ID: CWE-352
CVSS v3.1 Base Score: 5.7 (Medium)
Attack Vector: Network
User Interaction: Required
Privileges Required: Low E
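As an added illustration of the defect class the advisory describes (this is a hypothetical Python stand-in for a role-management endpoint, not Admidio's own PHP code), the handler below is shown once without a token check and once hardened with a session-bound synchronizer token that every state-changing request must carry; the session store, role table and action names are constructed for the example.

```python
import hmac
import secrets

# Constructed stand-in for a server-side session store: session id -> session data.
SESSIONS = {}

# The state-changing role operations named in the advisory.
ROLE_ACTIONS = {"delete", "activate", "deactivate"}


def new_session(user: str, is_admin: bool) -> str:
    """Create a session and bind a fresh random anti-CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "admin": is_admin, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the server embeds in its own forms; a cross-site page cannot read it."""
    return SESSIONS[sid]["csrf"]


def _apply(action: str, role_id: int, roles: dict) -> str:
    """Perform the role change on the (constructed) role table."""
    if role_id not in roles:
        return "not_found"
    if action == "delete":
        del roles[role_id]
    else:
        roles[role_id]["active"] = action == "activate"
    return "ok"


def handle_role_action_vulnerable(sid: str, action: str, role_id: int, roles: dict) -> str:
    """Only checks that the caller is an authenticated admin, so the browser's
    ambient session cookie is enough: any request the admin's browser sends
    (including one a third-party page triggered) is honoured."""
    s = SESSIONS.get(sid)
    if not s or not s["admin"] or action not in ROLE_ACTIONS:
        return "forbidden"
    return _apply(action, role_id, roles)


def handle_role_action_fixed(sid, action, role_id, roles, method, csrf_token) -> str:
    """Same handler plus the two controls CWE-352 calls for: state changes only
    via POST, and a constant-time match against the session's own token."""
    s = SESSIONS.get(sid)
    if not s or not s["admin"] or action not in ROLE_ACTIONS:
        return "forbidden"
    if method != "POST":
        return "method_not_allowed"
    if not csrf_token or not hmac.compare_digest(csrf_token, s["csrf"]):
        return "csrf_rejected"
    return _apply(action, role_id, roles)
```

A request that matches the fixed handler's checks but was still initiated cross-site would have needed the token, which is only readable by pages on the application's own origin.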