Session Fixation in admidio/admidio

Valid

Reported on

Oct 17th 2021


Description

An admin creates a member (member role) user named B.

Then B logs in to Admidio.

After user B has logged in to Admidio, the admin decides to delete all roles of user B.

But user B can still do anything that he/she could do before.
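
The report does not show the code path involved. The following PHP is an added example, not Admidio's code and not the merged fix: it assumes the roles are copied into the session at login, and contrasts that with a per-request lookup and with ending the user's sessions when roles are revoked. All function and variable names, and the sample data, are hypothetical.

```php
<?php
// Added illustration, not Admidio code. All names are hypothetical.

// Constructed sample data: user "B" holds the "member" role.
$roleStore = ['B' => ['member']]; // authoritative store (stands in for the database)
$sessions  = [];                  // server-side session table, keyed by session id

function login(string $user, array $roleStore, array &$sessions): string
{
    $sid = bin2hex(random_bytes(16));
    // Assumed weak design: roles are copied into the session once, at login.
    $sessions[$sid] = ['user' => $user, 'roles' => $roleStore[$user] ?? []];
    return $sid;
}

// Weak check: trusts the role snapshot taken at login.
function canActStale(string $sid, string $role, array $sessions): bool
{
    return isset($sessions[$sid]) && in_array($role, $sessions[$sid]['roles'], true);
}

// Corrected check: resolves roles from the authoritative store on every request.
function canActFresh(string $sid, string $role, array $sessions, array $roleStore): bool
{
    if (!isset($sessions[$sid])) {
        return false;
    }
    return in_array($role, $roleStore[$sessions[$sid]['user']] ?? [], true);
}

// Revocation that also ends the user's live sessions, so no snapshot survives.
function revokeAllRoles(string $user, array &$roleStore, array &$sessions): void
{
    $roleStore[$user] = [];
    foreach ($sessions as $sid => $session) {
        if ($session['user'] === $user) {
            unset($sessions[$sid]);
        }
    }
}

$sid = login('B', $roleStore, $sessions);
$roleStore['B'] = []; // admin deletes B's roles; B's session is left untouched
var_dump(canActStale($sid, 'member', $sessions));             // consults the login-time snapshot
var_dump(canActFresh($sid, 'member', $sessions, $roleStore)); // consults the current store
revokeAllRoles('B', $roleStore, $sessions);
var_dump(canActStale($sid, 'member', $sessions));             // B's session no longer exists
```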

We have contacted a member of the admidio team and are waiting to hear back 2 months ago
Markus Faßbender validated this vulnerability 2 months ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Markus Faßbender confirmed that a fix has been merged on 6a268e 2 months ago
Markus Faßbender has been awarded the fix bounty
Markus
2 months ago

Maintainer


This is fixed with version 4.0.11. Thanks for the research.