This vulnerability is trending on Twitter; this may indicate a growing threat.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Incorrect Authorization vulnerabilities in an interactive lesson.
Start learningUpgrade admidio/admidio to version 5.0.10 or higher.
admidio/admidio is a free open source user management system for websites of organizations and groups.
Affected versions of this package are vulnerable to Incorrect Authorization through insufficient authorization checks in the renameFile process. An attacker can modify file names and descriptions in folders where they lack upload rights by submitting crafted requests referencing files they can view but not edit. This allows unauthorized alteration of file metadata, potentially misleading other users or enabling further attacks if the description field is rendered unsanitized.