Incorrect Authorization Affecting admidio/admidio package, versions <5.0.10


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Social Trends
EPSS
0.03% (9th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Incorrect Authorization vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PHP-ADMIDIOADMIDIO-17112501
  • published31 May 2026
  • disclosed29 May 2026
  • creditoffset, 0xEr3n

Introduced: 29 May 2026

CVE-2026-47230  (opens in a new tab)
CWE-639  (opens in a new tab)
CWE-863  (opens in a new tab)

How to fix?

Upgrade admidio/admidio to version 5.0.10 or higher.

Overview

admidio/admidio is a free open source user management system for websites of organizations and groups.

Affected versions of this package are vulnerable to Incorrect Authorization through insufficient authorization checks in the renameFile process. An attacker can modify file names and descriptions in folders where they lack upload rights by submitting crafted requests referencing files they can view but not edit. This allows unauthorized alteration of file metadata, potentially misleading other users or enabling further attacks if the description field is rendered unsanitized.

CVSS Base Scores

version 4.0
version 3.1