Insertion of Sensitive Information into Log File in admidio/admidio | CVE-2026-47234

Q: How to fix?

Upgrade admidio/admidio to version 5.0.10 or higher.

Introduced: 29 May 2026

NewCVE-2026-47234 (opens in a new tab) CWE-532 (opens in a new tab)

How to fix?

Upgrade admidio/admidio to version 5.0.10 or higher.

Overview

admidio/admidio is a free open source user management system for websites of organizations and groups.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the setCookie and start functions. An attacker can gain unauthorized access to active sessions or persistent accounts by obtaining session IDs and auto-login cookie values from application logs. This is only exploitable if debug logging is enabled and an attacker has access to the log files.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
High
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Insertion of Sensitive Information into Log File Affecting admidio/admidio package, versions <5.0.10

Severity

Do your applications use this vulnerable package?

Snyk Learn

Introduced: 29 May 2026

How to fix?

Overview

References

CVSS Base Scores

Snyk