Admidio prior to version 4.1.9 is vulnerable to insufficient session expiration. In vulnerable versions, changing the password in one session does not terminate sessions logged in with the old password, which could lead to unauthorized actors maintaining access to an account.

Affected Packages

Packagist admidio/admidio

Affected versions: 0 (fixed in 4.1.9)

Related CVEs

CVE-2022-0991

Key Information

GHSA ID

GHSA-mf79-f657-47ww

Published

March 20, 2022 12:00 AM

Last Modified

March 28, 2022 3:39 PM

CVSS Score

7.5 /10

Primary Ecosystem

Packagist

Primary Package

admidio/admidio

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 29, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.