Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-M8CW-854G-5GVM

Vulnerability from github – Published: 2024-08-26 09:30 – Updated: 2024-08-26 09:30
VLAI
Details

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.

This issue affects:

  • OTRS from 7.0.X through 7.0.50
  • OTRS 8.0.X
  • OTRS 2023.X
  • OTRS from 2024.X through 2024.5.X
  • ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-26T09:15:04Z",
    "severity": "HIGH"
  },
  "details": "Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.\n\nThis issue affects: \n\n  *  OTRS from 7.0.X through 7.0.50\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS from 2024.X through 2024.5.X\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected",
  "id": "GHSA-m8cw-854g-5gvm",
  "modified": "2024-08-26T09:30:44Z",
  "published": "2024-08-26T09:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43444"
    },
    {
      "type": "WEB",
      "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8P9-V77C-RQ98

Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2022-02-01 00:00
VLAI
Details

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36289"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.",
  "id": "GHSA-m8p9-v77c-rq98",
  "modified": "2022-02-01T00:00:48Z",
  "published": "2022-01-27T00:01:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36289"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M8V3-F26V-MHFJ

Vulnerability from github – Published: 2023-07-26 06:30 – Updated: 2024-04-04 06:21
VLAI
Details

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-26T06:15:10Z",
    "severity": "MODERATE"
  },
  "details": "The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs.\u00a0A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.",
  "id": "GHSA-m8v3-f26v-mhfj",
  "modified": "2024-04-04T06:21:37Z",
  "published": "2023-07-26T06:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20891"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0016.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9CQ-WCFF-6M72

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09
VLAI
Details

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-27T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.",
  "id": "GHSA-m9cq-wcff-6m72",
  "modified": "2022-05-24T17:09:51Z",
  "published": "2022-05-24T17:09:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5400"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/blog/cve-2020-5400"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M9FJ-GPR4-VJQM

Vulnerability from github – Published: 2024-09-26 06:30 – Updated: 2024-09-26 06:30
VLAI
Details

Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49037"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-26T04:15:03Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.",
  "id": "GHSA-m9fj-gpr4-vjqm",
  "modified": "2024-09-26T06:30:47Z",
  "published": "2024-09-26T06:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49037"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9J8-W3JP-P7WQ

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-35234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-14T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.",
  "id": "GHSA-m9j8-w3jp-p7wq",
  "modified": "2022-05-24T17:36:20Z",
  "published": "2022-05-24T17:36:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35234"
    },
    {
      "type": "WEB",
      "url": "https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/easy-wp-smtp/#developers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M9WR-C24P-64C9

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2022-05-24 16:52
VLAI
Details

Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-08T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.",
  "id": "GHSA-m9wr-c24p-64c9",
  "modified": "2022-05-24T16:52:52Z",
  "published": "2022-05-24T16:52:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20956"
    },
    {
      "type": "WEB",
      "url": "https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video"
    },
    {
      "type": "WEB",
      "url": "https://www.swann.com/au/safe-by-swann-upgrade"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MCH8-WF3H-6X88

Vulnerability from github – Published: 2026-05-29 22:07 – Updated: 2026-05-29 22:07
VLAI
Summary
Admidio writes session IDs and auto-login cookie values to application logs
Details

Summary

When debug logging is enabled, Session::setCookie() logs full cookie values and Session::start() logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live bearer-style credentials from the logs.

Vulnerable Code Links

  • https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L533-L540
  • https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L615-L617

Vulnerable Code

// src/Session/Entity/Session.php
$gLogger->info('Set Cookie!', array(
'name' => $name,
'value' => $value,
'expire' => $expire,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax'
));
...
session_start();
$gLogger->info('Session Started!', array(
'name' => $sessionName,
'limit' => $limit,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax',
'sessionId' => session_id()
));

What Does The Code Mean

Every time Admidio sets a cookie, it writes the raw cookie value to the application log. When a session starts, it writes the active session identifier too.

Why The Code Is Vulnerable

Session IDs and persistent auto-login values are credentials. Logging them turns the log file into a credential store and expands the trust boundary to anyone who can read logs, backups, or external log aggregation outputs.

Verification Environment

  • Application: Admidio v5.0.9
  • Runtime: Dockerized Admidio + MariaDB on http://localhost:18080
  • Validation mode: real deployed application, not isolated unit tests

Steps To Reproduce

  1. Enable Admidio debug logging.
  2. Log in with auto_login=1 enabled.
  3. Inspect the generated application log.
  4. Observe that the log contains both the ADMIDIO_*_AUTO_LOGIN_ID value and the ADMIDIO_*_SESSION_ID value in cleartext.

PoC Script

from helpers import login, new_session, save_json


def main():
session = new_session()
result = login(session, "admin", "AdminPass123!", auto_login=True)
save_json("session_logging_login.json", result)


if __name__ == "__main__":
main()

PoC Output

{
  "cookies": {
"ADMIDIO_admidio_adm_AUTO_LOGIN_ID": "2%3AnO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5",
"ADMIDIO_admidio_adm_SESSION_ID": "iga3ujr67cti6s7btnuhecte67"
  },
  "csrf": "y41CaDdEO7RKug5FIRWO2Dx8w7KVQZ",
  "json": {
"status": "success",
"url": "http://localhost:18080/modules/overview.php"
  },
  "status_code": 200
}

5191:[2026-04-30 20:57:59.555213] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"8224iqk8aqcsb0062d0c3f1ish"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5291:[2026-04-30 20:57:59.575756] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"8224iqk8aqcsb0062d0c3f1ish"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5480:[2026-04-30 20:57:59.623872] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"733jf4j6po8m6b1g7glgaghfsg"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5624:[2026-04-30 20:57:59.663760] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"733jf4j6po8m6b1g7glgaghfsg"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5655:[2026-04-30 20:57:59.788831] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"ovnk3hhpj5829dj63pjk4i7k8b","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
5680:[2026-04-30 20:57:59.795443] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"ovnk3hhpj5829dj63pjk4i7k8b"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5815:[2026-04-30 20:57:59.838697] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"ovnk3hhpj5829dj63pjk4i7k8b"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5839:[2026-04-30 20:58:09.374182] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dvrl2qf92skdeimh77ruglr4ga"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5983:[2026-04-30 20:58:09.423217] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dvrl2qf92skdeimh77ruglr4ga"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6014:[2026-04-30 20:58:09.550875] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"2th9qe9etfiis6nujdqpkfd9hv","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
6039:[2026-04-30 20:58:09.557823] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"2th9qe9etfiis6nujdqpkfd9hv"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6273:[2026-04-30 20:58:19.171185] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"k50i1toh4491o6v0htliv2kafs"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6417:[2026-04-30 20:58:19.212351] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"k50i1toh4491o6v0htliv2kafs"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6448:[2026-04-30 20:58:19.337758] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"4emiuth6i2fc1ho17nahf6n52g","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
6473:[2026-04-30 20:58:19.346804] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"4emiuth6i2fc1ho17nahf6n52g"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6605:[2026-04-30 20:58:19.390909] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"4emiuth6i2fc1ho17nahf6n52g"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6635:[2026-04-30 20:58:19.409216] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"4emiuth6i2fc1ho17nahf6n52g"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6676:[2026-04-30 20:58:31.002317] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"aegildsksa0i5184igdk12pdg3"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6820:[2026-04-30 20:58:31.045064] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"aegildsksa0i5184igdk12pdg3"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6853:[2026-04-30 20:58:31.174884] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"9vsc7c5qv9cr4cavugitg6i2l3","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
6878:[2026-04-30 20:58:31.184031] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"9vsc7c5qv9cr4cavugitg6i2l3"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7010:[2026-04-30 20:58:40.393679] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"nr7mssfl6eupo9d2pboea7hmb2"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7154:[2026-04-30 20:58:40.438503] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"nr7mssfl6eupo9d2pboea7hmb2"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7185:[2026-04-30 20:58:40.564244] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"sts5aqfsvqghtl6bfq79a3ap2t","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
7210:[2026-04-30 20:58:40.571305] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"sts5aqfsvqghtl6bfq79a3ap2t"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7342:[2026-04-30 20:58:40.611506] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"sts5aqfsvqghtl6bfq79a3ap2t"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7414:[2026-04-30 21:01:44.898211] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dcgm8ebt3hkhmvvk9n860r6i5n"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7558:[2026-04-30 21:01:44.940724] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dcgm8ebt3hkhmvvk9n860r6i5n"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7591:[2026-04-30 21:01:45.066694] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_AUTO_LOGIN_ID","value":"2:nO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5","expire":1809118905,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
7596:[2026-04-30 21:01:45.068352] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"iga3ujr67cti6s7btnuhecte67","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}

Impact

Any actor with log access can replay or abuse current session IDs and auto-login cookies, leading to session hijacking or long-lived account access depending on deployment and cookie lifetime.

Remediation And Suggestions

Never log raw session identifiers or cookie values. Replace them with fixed labels or redact most of the value before logging.

$gLogger->info('Set Cookie!', [
'name' => $name,
'value' => '[redacted]',
'expire' => $expire,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax',
]);

$gLogger->info('Session Started!', [
'name' => $sessionName,
'limit' => $limit,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax',
'sessionId' => '[redacted]',
]);
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.0.9"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "admidio/admidio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-47234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-29T22:07:52Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nWhen debug logging is enabled, `Session::setCookie()` logs full cookie values and `Session::start()` logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live bearer-style credentials from the logs.\n\n## Vulnerable Code Links\n\n- https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L533-L540\n- https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L615-L617\n\n## Vulnerable Code\n\n```php\n// src/Session/Entity/Session.php\n$gLogger-\u003einfo(\u0027Set Cookie!\u0027, array(\n\u0027name\u0027 =\u003e $name,\n\u0027value\u0027 =\u003e $value,\n\u0027expire\u0027 =\u003e $expire,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027\n));\n...\nsession_start();\n$gLogger-\u003einfo(\u0027Session Started!\u0027, array(\n\u0027name\u0027 =\u003e $sessionName,\n\u0027limit\u0027 =\u003e $limit,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027,\n\u0027sessionId\u0027 =\u003e session_id()\n));\n```\n\n\n## What Does The Code Mean\n\nEvery time Admidio sets a cookie, it writes the raw cookie value to the application log. When a session starts, it writes the active session identifier too.\n\n## Why The Code Is Vulnerable\n\nSession IDs and persistent auto-login values are credentials. Logging them turns the log file into a credential store and expands the trust boundary to anyone who can read logs, backups, or external log aggregation outputs.\n\n## Verification Environment\n\n- Application: Admidio `v5.0.9`\n- Runtime: Dockerized Admidio + MariaDB on `http://localhost:18080`\n- Validation mode: real deployed application, not isolated unit tests\n\n## Steps To Reproduce\n\n1. Enable Admidio debug logging.\n2. Log in with `auto_login=1` enabled.\n3. Inspect the generated application log.\n4. Observe that the log contains both the `ADMIDIO_*_AUTO_LOGIN_ID` value and the `ADMIDIO_*_SESSION_ID` value in cleartext.\n\n\n## PoC Script\n\n```python\nfrom helpers import login, new_session, save_json\n\n\ndef main():\nsession = new_session()\nresult = login(session, \"admin\", \"AdminPass123!\", auto_login=True)\nsave_json(\"session_logging_login.json\", result)\n\n\nif __name__ == \"__main__\":\nmain()\n```\n\n## PoC Output\n\n```text\n{\n  \"cookies\": {\n\"ADMIDIO_admidio_adm_AUTO_LOGIN_ID\": \"2%3AnO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5\",\n\"ADMIDIO_admidio_adm_SESSION_ID\": \"iga3ujr67cti6s7btnuhecte67\"\n  },\n  \"csrf\": \"y41CaDdEO7RKug5FIRWO2Dx8w7KVQZ\",\n  \"json\": {\n\"status\": \"success\",\n\"url\": \"http://localhost:18080/modules/overview.php\"\n  },\n  \"status_code\": 200\n}\n\n5191:[2026-04-30 20:57:59.555213] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"8224iqk8aqcsb0062d0c3f1ish\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5291:[2026-04-30 20:57:59.575756] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"8224iqk8aqcsb0062d0c3f1ish\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5480:[2026-04-30 20:57:59.623872] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"733jf4j6po8m6b1g7glgaghfsg\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5624:[2026-04-30 20:57:59.663760] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"733jf4j6po8m6b1g7glgaghfsg\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5655:[2026-04-30 20:57:59.788831] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"ovnk3hhpj5829dj63pjk4i7k8b\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n5680:[2026-04-30 20:57:59.795443] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"ovnk3hhpj5829dj63pjk4i7k8b\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5815:[2026-04-30 20:57:59.838697] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"ovnk3hhpj5829dj63pjk4i7k8b\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5839:[2026-04-30 20:58:09.374182] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dvrl2qf92skdeimh77ruglr4ga\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5983:[2026-04-30 20:58:09.423217] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dvrl2qf92skdeimh77ruglr4ga\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6014:[2026-04-30 20:58:09.550875] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"2th9qe9etfiis6nujdqpkfd9hv\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n6039:[2026-04-30 20:58:09.557823] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"2th9qe9etfiis6nujdqpkfd9hv\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6273:[2026-04-30 20:58:19.171185] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"k50i1toh4491o6v0htliv2kafs\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6417:[2026-04-30 20:58:19.212351] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"k50i1toh4491o6v0htliv2kafs\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6448:[2026-04-30 20:58:19.337758] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"4emiuth6i2fc1ho17nahf6n52g\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n6473:[2026-04-30 20:58:19.346804] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"4emiuth6i2fc1ho17nahf6n52g\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6605:[2026-04-30 20:58:19.390909] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"4emiuth6i2fc1ho17nahf6n52g\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6635:[2026-04-30 20:58:19.409216] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"4emiuth6i2fc1ho17nahf6n52g\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6676:[2026-04-30 20:58:31.002317] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"aegildsksa0i5184igdk12pdg3\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6820:[2026-04-30 20:58:31.045064] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"aegildsksa0i5184igdk12pdg3\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6853:[2026-04-30 20:58:31.174884] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"9vsc7c5qv9cr4cavugitg6i2l3\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n6878:[2026-04-30 20:58:31.184031] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"9vsc7c5qv9cr4cavugitg6i2l3\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7010:[2026-04-30 20:58:40.393679] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"nr7mssfl6eupo9d2pboea7hmb2\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7154:[2026-04-30 20:58:40.438503] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"nr7mssfl6eupo9d2pboea7hmb2\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7185:[2026-04-30 20:58:40.564244] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"sts5aqfsvqghtl6bfq79a3ap2t\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n7210:[2026-04-30 20:58:40.571305] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"sts5aqfsvqghtl6bfq79a3ap2t\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7342:[2026-04-30 20:58:40.611506] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"sts5aqfsvqghtl6bfq79a3ap2t\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7414:[2026-04-30 21:01:44.898211] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dcgm8ebt3hkhmvvk9n860r6i5n\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7558:[2026-04-30 21:01:44.940724] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dcgm8ebt3hkhmvvk9n860r6i5n\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7591:[2026-04-30 21:01:45.066694] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_AUTO_LOGIN_ID\",\"value\":\"2:nO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5\",\"expire\":1809118905,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n7596:[2026-04-30 21:01:45.068352] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"iga3ujr67cti6s7btnuhecte67\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n```\n\n## Impact\n\nAny actor with log access can replay or abuse current session IDs and auto-login cookies, leading to session hijacking or long-lived account access depending on deployment and cookie lifetime.\n\n## Remediation And Suggestions\n\nNever log raw session identifiers or cookie values. Replace them with fixed labels or redact most of the value before logging.\n\n```php\n$gLogger-\u003einfo(\u0027Set Cookie!\u0027, [\n\u0027name\u0027 =\u003e $name,\n\u0027value\u0027 =\u003e \u0027[redacted]\u0027,\n\u0027expire\u0027 =\u003e $expire,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027,\n]);\n\n$gLogger-\u003einfo(\u0027Session Started!\u0027, [\n\u0027name\u0027 =\u003e $sessionName,\n\u0027limit\u0027 =\u003e $limit,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027,\n\u0027sessionId\u0027 =\u003e \u0027[redacted]\u0027,\n]);\n```",
  "id": "GHSA-mch8-wf3h-6x88",
  "modified": "2026-05-29T22:07:52Z",
  "published": "2026-05-29T22:07:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-mch8-wf3h-6x88"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Admidio/admidio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Admidio writes session IDs and auto-login cookie values to application logs"
}

GHSA-MF6G-2H9H-JW37

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59
VLAI
Details

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-23T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.",
  "id": "GHSA-mf6g-2h9h-jw37",
  "modified": "2022-05-24T16:59:44Z",
  "published": "2022-05-24T16:59:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11283"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MFPQ-3JM4-GH33

Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32
VLAI
Details

Windows Kernel Memory Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T18:15:55Z",
    "severity": "MODERATE"
  },
  "details": "Windows Kernel Memory Information Disclosure Vulnerability",
  "id": "GHSA-mfpq-3jm4-gh33",
  "modified": "2025-01-14T18:32:04Z",
  "published": "2025-01-14T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21317"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21317"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.