CVE-2026-41655
Status: Deferred - Pending Action
Path Traversal in Admidio Prior to 5.0.9

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: GitHub, Inc.

Description
Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate that the ecard_template POST parameter is a safe filename before passing it to ECard::getEcardTemplate(). An authenticated user can supply a path traversal payload (e.g., ../config.php) to read arbitrary files accessible to the web server process, including adm_my_files/config.php which contains database credentials. This issue has been patched in version 5.0.9.
Meta Information
Published: 2026-05-07
Last Modified: 2026-05-07
Generated: 2026-05-18
AI Q&A: 2026-05-07
EPSS Evaluated: 2026-05-11
Affected Vendors & Products
Showing 1 associated CPE
Vendor: admidio | Product: admidio | Version / Range: up to 5.0.9 (5.0.9 excluded)
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows authenticated users to read arbitrary files on the server, including sensitive files containing database credentials. Such unauthorized access to sensitive information can lead to data breaches, which may violate data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive data.

Because the vulnerability impacts confidentiality by exposing sensitive data, organizations using affected versions of Admidio may face compliance risks if the vulnerability is exploited and sensitive data is disclosed.

Applying the patch in version 5.0.9 mitigates this risk by preventing path traversal and unauthorized file access, helping maintain compliance with these standards.


Can you explain this vulnerability to me?

CVE-2026-41655 is a Path Traversal vulnerability in the ECard Preview feature of Admidio versions 5.0.8 and earlier.

The vulnerability occurs because the ecard_preview.php endpoint does not validate the ecard_template POST parameter as a safe filename before passing it to the ECard::getEcardTemplate() function.

An authenticated user can exploit this by supplying a path traversal payload (for example, ../config.php) to read arbitrary files accessible to the web server process, including sensitive files like adm_my_files/config.php which contains database credentials.

This issue has been patched in Admidio version 5.0.9 by adding proper filename validation to prevent path traversal.


How can this vulnerability impact me?

This vulnerability can have a significant impact on confidentiality because an attacker with a regular authenticated user account can read arbitrary files on the server.

Specifically, sensitive files such as configuration files containing database credentials can be accessed, potentially leading to further compromise of the system or data breaches.

The vulnerability has a medium severity score (CVSS 6.5) and does not require admin privileges, making it easier to exploit.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to exploit the path traversal issue in the ecard_preview.php endpoint by sending POST requests with the ecard_template parameter containing path traversal payloads such as ../config.php.

For example, an authenticated user can test by sending a POST request to ecard_preview.php with ecard_template=../config.php and checking if the response contains contents of sensitive files like adm_my_files/config.php.

A sample command using curl to test this could be:

  • curl -X POST -d "ecard_template=../config.php" -b cookies.txt https://your-admidio-site/ecard_preview.php

Where cookies.txt contains authentication cookies for a valid user session.

If the response includes contents of config.php or other files outside the intended directory, the system is vulnerable.


What immediate steps should I take to mitigate this vulnerability?

The immediate and recommended step to mitigate this vulnerability is to upgrade Admidio to version 5.0.9 or later, where the issue has been patched.

This update includes proper validation of the ecard_template parameter to prevent path traversal attacks.

Until the upgrade can be applied, restrict access to the ecard_preview.php endpoint to trusted users only and monitor for suspicious POST requests containing path traversal payloads.

Additionally, review and limit file permissions of sensitive files such as adm_my_files/config.php to minimize exposure.
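The explanation above describes the defect class (CWE-22: a user-controlled template name is joined onto a directory path without checking that it is a plain filename) and the mitigation section says the fix is "proper validation of the ecard_template parameter". The following PHP is an added example written for this page; it is not Admidio's code and does not reproduce ECard::getEcardTemplate(). It shows the unsafe concatenation pattern next to a hardened lookup that (1) accepts only an allowlisted filename shape and (2) confirms the canonical path still lies inside the template directory. The directory layout, the `.tpl` extension, the file names and the helper names are assumptions for illustration.

```php
<?php
// Added example for CVE-2026-41655 (CWE-22), not Admidio's own code.
// Demonstrates why "templateDir . '/' . $userInput" is unsafe and one way to fix it.
// All paths, names and the .tpl extension are assumptions chosen for this demo.

declare(strict_types=1);

/**
 * Insecure pattern (contrast only): the template name is appended to the
 * directory as-is, so a value such as "../config.php" resolves outside
 * $templateDir and its contents are returned to the caller.
 */
function getEcardTemplateUnsafe(string $templateDir, string $template): string|false
{
    return @file_get_contents($templateDir . '/' . $template);
}

/**
 * Hardened pattern: syntactic allowlist first, then a canonical-path
 * containment check as defense in depth. Any violation throws.
 */
function getEcardTemplateSafe(string $templateDir, string $template): string
{
    // 1. Plain filename only: letters, digits, '_' and '-', fixed extension.
    //    This alone excludes '/', '\', '..', NUL bytes and absolute paths.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.tpl\z/', $template)) {
        throw new InvalidArgumentException('Invalid template name');
    }

    // 2. Resolve symlinks and dot segments, then require the result to sit
    //    strictly below the template directory (note the trailing separator,
    //    so "/templates_evil" does not pass as a child of "/templates").
    $baseDir = realpath($templateDir);
    $path    = realpath($templateDir . '/' . $template);
    if ($baseDir === false || $path === false
        || strncmp($path, $baseDir . DIRECTORY_SEPARATOR, strlen($baseDir) + 1) !== 0) {
        throw new RuntimeException('Template not found');
    }

    $content = file_get_contents($path);
    if ($content === false) {
        throw new RuntimeException('Template not readable');
    }
    return $content;
}

// --- Demo on constructed files in a temporary directory -------------------
$root = sys_get_temp_dir() . '/ecard_demo_' . bin2hex(random_bytes(4));
$templateDir = $root . '/templates';
mkdir($templateDir, 0700, true);
file_put_contents($templateDir . '/birthday.tpl', '<h1>Happy Birthday</h1>');
// Constructed stand-in for a sensitive file one level above the template dir.
file_put_contents($root . '/config.php', "<?php // constructed stand-in, no real secrets\n");

echo "Unsafe lookup with '../config.php':\n";
echo getEcardTemplateUnsafe($templateDir, '../config.php'), "\n"; // leaks the stand-in

echo "Safe lookup with 'birthday.tpl':\n";
echo getEcardTemplateSafe($templateDir, 'birthday.tpl'), "\n";

echo "Safe lookup with '../config.php':\n";
try {
    getEcardTemplateSafe($templateDir, '../config.php');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n"; // allowlist check fires first
}

// Cleanup of the constructed files.
unlink($templateDir . '/birthday.tpl');
unlink($root . '/config.php');
rmdir($templateDir);
rmdir($root);
```

The regex check is the one that actually closes the hole described on this page; the realpath containment check is kept so that a later relaxation of the allowlist (or a symlink dropped into the template directory) still cannot hand back a file from outside it. Returning a generic "Template not found" for the containment failure avoids confirming to the caller which paths exist on the host.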

