CVE-2026-34381
Unauthorized File Access in Admidio Due to Apache Misconfiguration
Publication date: 2026-03-31
Last updated on: 2026-04-01
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| admidio | admidio | From 5.0.0 (inc) to 5.0.8 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Admidio, an open-source user management solution, in versions from 5.0.0 up to but not including 5.0.8. The issue arises because Admidio relies on the adm_my_files/.htaccess file to prevent direct HTTP access to uploaded documents. However, the Docker image configuration uses AllowOverride None in Apache, causing Apache to ignore all .htaccess files silently. Consequently, any file uploaded to the documents module can be accessed directly over HTTP by anyone who knows the file path, bypassing any role-based permissions set in the user interface. The file path is exposed in the upload response JSON. This vulnerability was fixed in version 5.0.8.
How can this vulnerability impact me?
This vulnerability allows unauthorized users to access uploaded documents directly via HTTP without any authentication, regardless of the permissions configured in the application. This can lead to exposure of sensitive or confidential files to anyone who knows or can guess the file path, potentially resulting in data leakage or privacy breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether documents uploaded through the Admidio documents module are reachable directly over HTTP without a session. Because the upload response JSON discloses the stored file path, an authorised user can upload a test document, take the path from the response, and request it from a second client that holds no Admidio cookie. An HTTP 200 with the file contents means the web server is serving uploads as static files and the application's role-based permissions are not being enforced; an HTTP 403 means the adm_my_files/.htaccess rules are in effect.
You can also inspect the Apache configuration inside the container. The Debian/Ubuntu apache2 packages ship with AllowOverride None for both / and /var/www/, and a virtual host only honours .htaccess if it sets AllowOverride to something else for the document root, so check the whole configuration tree, not just apache2.conf.
- Request an uploaded file URL taken from the upload response JSON with curl, without any session cookie, and compare the status code: curl -s -o /dev/null -w '%{http_code}\n' 'https://<host>/adm_my_files/<path-from-upload-response>'
- Check the Apache configuration inside the Docker container, including enabled sites and conf snippets: docker exec <container_name> grep -Rin AllowOverride /etc/apache2/
- Confirm that the .htaccess the application relies on is actually present in the container: docker exec <container_name> ls -la /path/to/admidio/adm_my_files/.htaccess (the exact webroot depends on the image)
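Grepping for AllowOverride is only a first pass, because Apache merges `<Directory>` sections from the shortest path to the longest and a more specific section replaces the inherited value. The following script is an added example, not code from Admidio or from the Apache project: it evaluates the effective AllowOverride for a given directory from a configuration dump the way httpd does, and reports whether an .htaccess placed there would be read at all. The two configurations are constructed samples (Debian-style defaults, with an assumed webroot of /var/www/html), not the real Admidio image configuration.

```python
"""Decide whether an .htaccess under a given directory is honoured by Apache,
given the server configuration text. Added example, not Admidio's or httpd's
own code; the sample configs and the /var/www/html webroot are assumptions."""
import re

# Constructed sample: Debian defaults leave the docroot at AllowOverride None,
# which is the situation the advisory describes for the Docker image.
CONFIG_IGNORING_HTACCESS = """
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
"""

# Constructed sample of a corrected configuration: a more specific section for
# the (assumed) webroot re-enables .htaccess processing.
CONFIG_HONOURING_HTACCESS = CONFIG_IGNORING_HTACCESS + """
<Directory /var/www/html/>
    AllowOverride All
</Directory>
"""

_SECTION_RE = re.compile(
    r'<Directory\s+"?([^">\s]+)"?\s*>(.*?)</Directory>',
    re.IGNORECASE | re.DOTALL)
_OVERRIDE_RE = re.compile(
    r'^\s*AllowOverride\s+(.+?)\s*$', re.IGNORECASE | re.MULTILINE)


def directory_sections(config: str):
    """Yield (path, AllowOverride value or None) for each <Directory> section
    in file order. Regex based: <DirectoryMatch>, wildcards and Include files
    are not handled, so feed it the merged output of `apache2ctl -DDUMP_CONFIG`
    or concatenate the files yourself."""
    for m in _SECTION_RE.finditer(config):
        path = m.group(1).rstrip('/') or '/'
        ov = _OVERRIDE_RE.search(m.group(2))
        yield path, (ov.group(1).strip() if ov else None)


def effective_allow_override(config: str, target: str) -> str:
    """httpd applies <Directory> sections shortest path first, later sections
    overriding earlier ones; an AllowOverride in a more specific section
    replaces the inherited value. The compiled-in default is None."""
    target = target.rstrip('/') or '/'
    value = 'None'
    applicable = [
        (path, ov) for path, ov in directory_sections(config)
        if path == '/' or target == path or target.startswith(path + '/')
    ]
    # sorted() is stable, so equal-length paths keep their file order
    for _path, ov in sorted(applicable, key=lambda p: len(p[0])):
        if ov is not None:
            value = ov
    return value


def htaccess_honoured(config: str, target: str) -> bool:
    """False when the effective AllowOverride is None: in that case Apache does
    not even open the .htaccess file, so its access rules are silently lost."""
    return effective_allow_override(config, target).lower() != 'none'


if __name__ == "__main__":
    uploads = "/var/www/html/adm_my_files"
    for name, cfg in (("default image", CONFIG_IGNORING_HTACCESS),
                      ("corrected", CONFIG_HONOURING_HTACCESS)):
        print(f"{name}: AllowOverride {effective_allow_override(cfg, uploads)}, "
              f".htaccess honoured = {htaccess_honoured(cfg, uploads)}")
```

Run it against the real configuration with something like `docker exec <container_name> apache2ctl -DDUMP_CONFIG` piped into a file, then call `htaccess_honoured(open(path).read(), "<webroot>/adm_my_files")`. A False result means the application's .htaccess is decorative and the HTTP probe above should be expected to return 200.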
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Admidio to version 5.0.8 or later, where this issue has been patched.
If you cannot upgrade immediately, make sure Apache actually processes the application's .htaccess: set AllowOverride for the Admidio document root to a value that covers the directives used in adm_my_files/.htaccess (AllowOverride All is the simplest choice) and reload Apache, then repeat the unauthenticated curl check to confirm the upload now returns 403.
Better still, do not depend on .htaccess at all: deny direct HTTP access to the upload directory in the server configuration itself with a <Directory> block, so that the protection holds even if AllowOverride is later reset to None.
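The fragment below is an added example of the two mitigations, not Admidio's shipped Apache configuration; it assumes the Admidio webroot is /var/www/html, which may differ in the real image. After applying either change, re-run the unauthenticated request against a known upload path and verify that it returns 403 while downloads through the Admidio documents module still work.

```apache
# Added example, not Admidio's configuration. Assumed webroot: /var/www/html.

# Weak (the Debian default): the docroot stays at AllowOverride None, so
# adm_my_files/.htaccess is never read and uploads are served as static files.
<Directory /var/www/html>
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>

# Mitigation 1: honour the application's .htaccess under the docroot.
# Replace the block above with this one.
<Directory /var/www/html>
    Options -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Mitigation 2 (preferred): deny direct access to the upload tree in the server
# configuration, so the protection no longer depends on .htaccess being read.
# This works with either AllowOverride setting above.
<Directory /var/www/html/adm_my_files>
    Require all denied
</Directory>
```

Test the configuration with `apache2ctl configtest` before reloading. Mitigation 2 blocks every direct request under adm_my_files; if your deployment needs some path in that tree to stay reachable over HTTP, add a more specific <Directory> block for it rather than weakening the deny on the whole tree.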
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated access to uploaded documents regardless of role-based permissions, potentially exposing sensitive personal or protected information.
Such unauthorized data exposure could lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict access controls and protection of personal and sensitive data.
Therefore, organizations using affected versions of Admidio may face compliance risks until the vulnerability is patched.