CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-M8CW-854G-5GVM
Vulnerability from github – Published: 2024-08-26 09:30 – Updated: 2024-08-26 09:30Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.
This issue affects:
- OTRS from 7.0.X through 7.0.50
- OTRS 8.0.X
- OTRS 2023.X
- OTRS from 2024.X through 2024.5.X
- ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
{
"affected": [],
"aliases": [
"CVE-2024-43444"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-26T09:15:04Z",
"severity": "HIGH"
},
"details": "Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.\n\nThis issue affects: \n\n * OTRS from 7.0.X through 7.0.50\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS from 2024.X through 2024.5.X\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected",
"id": "GHSA-m8cw-854g-5gvm",
"modified": "2024-08-26T09:30:44Z",
"published": "2024-08-26T09:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43444"
},
{
"type": "WEB",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M8P9-V77C-RQ98
Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2022-02-01 00:00Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.
{
"affected": [],
"aliases": [
"CVE-2021-36289"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T23:15:00Z",
"severity": "HIGH"
},
"details": "Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.",
"id": "GHSA-m8p9-v77c-rq98",
"modified": "2022-02-01T00:00:48Z",
"published": "2022-01-27T00:01:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36289"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M8V3-F26V-MHFJ
Vulnerability from github – Published: 2023-07-26 06:30 – Updated: 2024-04-04 06:21The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.
{
"affected": [],
"aliases": [
"CVE-2023-20891"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-26T06:15:10Z",
"severity": "MODERATE"
},
"details": "The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs.\u00a0A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.",
"id": "GHSA-m8v3-f26v-mhfj",
"modified": "2024-04-04T06:21:37Z",
"published": "2023-07-26T06:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20891"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0016.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M9CQ-WCFF-6M72
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.
{
"affected": [],
"aliases": [
"CVE-2020-5400"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-27T20:15:00Z",
"severity": "MODERATE"
},
"details": "Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.",
"id": "GHSA-m9cq-wcff-6m72",
"modified": "2022-05-24T17:09:51Z",
"published": "2022-05-24T17:09:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5400"
},
{
"type": "WEB",
"url": "https://www.cloudfoundry.org/blog/cve-2020-5400"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M9FJ-GPR4-VJQM
Vulnerability from github – Published: 2024-09-26 06:30 – Updated: 2024-09-26 06:30Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2022-49037"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-26T04:15:03Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.",
"id": "GHSA-m9fj-gpr4-vjqm",
"modified": "2024-09-26T06:30:47Z",
"published": "2024-09-26T06:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49037"
},
{
"type": "WEB",
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M9J8-W3JP-P7WQ
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
{
"affected": [],
"aliases": [
"CVE-2020-35234"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-14T03:15:00Z",
"severity": "HIGH"
},
"details": "The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.",
"id": "GHSA-m9j8-w3jp-p7wq",
"modified": "2022-05-24T17:36:20Z",
"published": "2022-05-24T17:36:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35234"
},
{
"type": "WEB",
"url": "https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/easy-wp-smtp/#developers"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M9WR-C24P-64C9
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2022-05-24 16:52Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.
{
"affected": [],
"aliases": [
"CVE-2018-20956"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-08T21:15:00Z",
"severity": "MODERATE"
},
"details": "Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.",
"id": "GHSA-m9wr-c24p-64c9",
"modified": "2022-05-24T16:52:52Z",
"published": "2022-05-24T16:52:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20956"
},
{
"type": "WEB",
"url": "https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video"
},
{
"type": "WEB",
"url": "https://www.swann.com/au/safe-by-swann-upgrade"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MCH8-WF3H-6X88
Vulnerability from github – Published: 2026-05-29 22:07 – Updated: 2026-05-29 22:07Summary
When debug logging is enabled, Session::setCookie() logs full cookie values and Session::start() logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live bearer-style credentials from the logs.
Vulnerable Code Links
- https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L533-L540
- https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L615-L617
Vulnerable Code
// src/Session/Entity/Session.php
$gLogger->info('Set Cookie!', array(
'name' => $name,
'value' => $value,
'expire' => $expire,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax'
));
...
session_start();
$gLogger->info('Session Started!', array(
'name' => $sessionName,
'limit' => $limit,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax',
'sessionId' => session_id()
));
What Does The Code Mean
Every time Admidio sets a cookie, it writes the raw cookie value to the application log. When a session starts, it writes the active session identifier too.
Why The Code Is Vulnerable
Session IDs and persistent auto-login values are credentials. Logging them turns the log file into a credential store and expands the trust boundary to anyone who can read logs, backups, or external log aggregation outputs.
Verification Environment
- Application: Admidio
v5.0.9 - Runtime: Dockerized Admidio + MariaDB on
http://localhost:18080 - Validation mode: real deployed application, not isolated unit tests
Steps To Reproduce
- Enable Admidio debug logging.
- Log in with
auto_login=1enabled. - Inspect the generated application log.
- Observe that the log contains both the
ADMIDIO_*_AUTO_LOGIN_IDvalue and theADMIDIO_*_SESSION_IDvalue in cleartext.
PoC Script
from helpers import login, new_session, save_json
def main():
session = new_session()
result = login(session, "admin", "AdminPass123!", auto_login=True)
save_json("session_logging_login.json", result)
if __name__ == "__main__":
main()
PoC Output
{
"cookies": {
"ADMIDIO_admidio_adm_AUTO_LOGIN_ID": "2%3AnO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5",
"ADMIDIO_admidio_adm_SESSION_ID": "iga3ujr67cti6s7btnuhecte67"
},
"csrf": "y41CaDdEO7RKug5FIRWO2Dx8w7KVQZ",
"json": {
"status": "success",
"url": "http://localhost:18080/modules/overview.php"
},
"status_code": 200
}
5191:[2026-04-30 20:57:59.555213] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"8224iqk8aqcsb0062d0c3f1ish"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5291:[2026-04-30 20:57:59.575756] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"8224iqk8aqcsb0062d0c3f1ish"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5480:[2026-04-30 20:57:59.623872] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"733jf4j6po8m6b1g7glgaghfsg"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5624:[2026-04-30 20:57:59.663760] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"733jf4j6po8m6b1g7glgaghfsg"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5655:[2026-04-30 20:57:59.788831] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"ovnk3hhpj5829dj63pjk4i7k8b","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
5680:[2026-04-30 20:57:59.795443] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"ovnk3hhpj5829dj63pjk4i7k8b"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5815:[2026-04-30 20:57:59.838697] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"ovnk3hhpj5829dj63pjk4i7k8b"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5839:[2026-04-30 20:58:09.374182] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dvrl2qf92skdeimh77ruglr4ga"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
5983:[2026-04-30 20:58:09.423217] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dvrl2qf92skdeimh77ruglr4ga"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6014:[2026-04-30 20:58:09.550875] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"2th9qe9etfiis6nujdqpkfd9hv","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
6039:[2026-04-30 20:58:09.557823] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"2th9qe9etfiis6nujdqpkfd9hv"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6273:[2026-04-30 20:58:19.171185] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"k50i1toh4491o6v0htliv2kafs"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6417:[2026-04-30 20:58:19.212351] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"k50i1toh4491o6v0htliv2kafs"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6448:[2026-04-30 20:58:19.337758] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"4emiuth6i2fc1ho17nahf6n52g","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
6473:[2026-04-30 20:58:19.346804] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"4emiuth6i2fc1ho17nahf6n52g"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6605:[2026-04-30 20:58:19.390909] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"4emiuth6i2fc1ho17nahf6n52g"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6635:[2026-04-30 20:58:19.409216] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"4emiuth6i2fc1ho17nahf6n52g"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6676:[2026-04-30 20:58:31.002317] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"aegildsksa0i5184igdk12pdg3"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6820:[2026-04-30 20:58:31.045064] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"aegildsksa0i5184igdk12pdg3"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
6853:[2026-04-30 20:58:31.174884] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"9vsc7c5qv9cr4cavugitg6i2l3","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
6878:[2026-04-30 20:58:31.184031] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"9vsc7c5qv9cr4cavugitg6i2l3"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7010:[2026-04-30 20:58:40.393679] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"nr7mssfl6eupo9d2pboea7hmb2"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7154:[2026-04-30 20:58:40.438503] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"nr7mssfl6eupo9d2pboea7hmb2"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7185:[2026-04-30 20:58:40.564244] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"sts5aqfsvqghtl6bfq79a3ap2t","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
7210:[2026-04-30 20:58:40.571305] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"sts5aqfsvqghtl6bfq79a3ap2t"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7342:[2026-04-30 20:58:40.611506] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"sts5aqfsvqghtl6bfq79a3ap2t"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7414:[2026-04-30 21:01:44.898211] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dcgm8ebt3hkhmvvk9n860r6i5n"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7558:[2026-04-30 21:01:44.940724] Admidio.INFO: Session Started! {"name":"ADMIDIO_admidio_adm_SESSION_ID","limit":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax","sessionId":"dcgm8ebt3hkhmvvk9n860r6i5n"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":617,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"start"}
7591:[2026-04-30 21:01:45.066694] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_AUTO_LOGIN_ID","value":"2:nO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5","expire":1809118905,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
7596:[2026-04-30 21:01:45.068352] Admidio.INFO: Set Cookie! {"name":"ADMIDIO_admidio_adm_SESSION_ID","value":"iga3ujr67cti6s7btnuhecte67","expire":0,"path":"/","domain":false,"secure":false,"httpOnly":true,"sameSite":"lax"} {"file":"/opt/app-root/src/src/Session/Entity/Session.php","line":533,"class":"Admidio\\Session\\Entity\\Session","callType":"::","function":"setCookie"}
Impact
Any actor with log access can replay or abuse current session IDs and auto-login cookies, leading to session hijacking or long-lived account access depending on deployment and cookie lifetime.
Remediation And Suggestions
Never log raw session identifiers or cookie values. Replace them with fixed labels or redact most of the value before logging.
$gLogger->info('Set Cookie!', [
'name' => $name,
'value' => '[redacted]',
'expire' => $expire,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax',
]);
$gLogger->info('Session Started!', [
'name' => $sessionName,
'limit' => $limit,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httpOnly' => $httpOnly,
'sameSite' => 'lax',
'sessionId' => '[redacted]',
]);
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.0.9"
},
"package": {
"ecosystem": "Packagist",
"name": "admidio/admidio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47234"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-29T22:07:52Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nWhen debug logging is enabled, `Session::setCookie()` logs full cookie values and `Session::start()` logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live bearer-style credentials from the logs.\n\n## Vulnerable Code Links\n\n- https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L533-L540\n- https://github.com/Admidio/admidio/blob/v5.0.9/src/Session/Entity/Session.php#L615-L617\n\n## Vulnerable Code\n\n```php\n// src/Session/Entity/Session.php\n$gLogger-\u003einfo(\u0027Set Cookie!\u0027, array(\n\u0027name\u0027 =\u003e $name,\n\u0027value\u0027 =\u003e $value,\n\u0027expire\u0027 =\u003e $expire,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027\n));\n...\nsession_start();\n$gLogger-\u003einfo(\u0027Session Started!\u0027, array(\n\u0027name\u0027 =\u003e $sessionName,\n\u0027limit\u0027 =\u003e $limit,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027,\n\u0027sessionId\u0027 =\u003e session_id()\n));\n```\n\n\n## What Does The Code Mean\n\nEvery time Admidio sets a cookie, it writes the raw cookie value to the application log. When a session starts, it writes the active session identifier too.\n\n## Why The Code Is Vulnerable\n\nSession IDs and persistent auto-login values are credentials. Logging them turns the log file into a credential store and expands the trust boundary to anyone who can read logs, backups, or external log aggregation outputs.\n\n## Verification Environment\n\n- Application: Admidio `v5.0.9`\n- Runtime: Dockerized Admidio + MariaDB on `http://localhost:18080`\n- Validation mode: real deployed application, not isolated unit tests\n\n## Steps To Reproduce\n\n1. Enable Admidio debug logging.\n2. Log in with `auto_login=1` enabled.\n3. Inspect the generated application log.\n4. Observe that the log contains both the `ADMIDIO_*_AUTO_LOGIN_ID` value and the `ADMIDIO_*_SESSION_ID` value in cleartext.\n\n\n## PoC Script\n\n```python\nfrom helpers import login, new_session, save_json\n\n\ndef main():\nsession = new_session()\nresult = login(session, \"admin\", \"AdminPass123!\", auto_login=True)\nsave_json(\"session_logging_login.json\", result)\n\n\nif __name__ == \"__main__\":\nmain()\n```\n\n## PoC Output\n\n```text\n{\n \"cookies\": {\n\"ADMIDIO_admidio_adm_AUTO_LOGIN_ID\": \"2%3AnO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5\",\n\"ADMIDIO_admidio_adm_SESSION_ID\": \"iga3ujr67cti6s7btnuhecte67\"\n },\n \"csrf\": \"y41CaDdEO7RKug5FIRWO2Dx8w7KVQZ\",\n \"json\": {\n\"status\": \"success\",\n\"url\": \"http://localhost:18080/modules/overview.php\"\n },\n \"status_code\": 200\n}\n\n5191:[2026-04-30 20:57:59.555213] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"8224iqk8aqcsb0062d0c3f1ish\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5291:[2026-04-30 20:57:59.575756] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"8224iqk8aqcsb0062d0c3f1ish\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5480:[2026-04-30 20:57:59.623872] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"733jf4j6po8m6b1g7glgaghfsg\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5624:[2026-04-30 20:57:59.663760] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"733jf4j6po8m6b1g7glgaghfsg\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5655:[2026-04-30 20:57:59.788831] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"ovnk3hhpj5829dj63pjk4i7k8b\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n5680:[2026-04-30 20:57:59.795443] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"ovnk3hhpj5829dj63pjk4i7k8b\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5815:[2026-04-30 20:57:59.838697] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"ovnk3hhpj5829dj63pjk4i7k8b\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5839:[2026-04-30 20:58:09.374182] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dvrl2qf92skdeimh77ruglr4ga\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n5983:[2026-04-30 20:58:09.423217] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dvrl2qf92skdeimh77ruglr4ga\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6014:[2026-04-30 20:58:09.550875] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"2th9qe9etfiis6nujdqpkfd9hv\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n6039:[2026-04-30 20:58:09.557823] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"2th9qe9etfiis6nujdqpkfd9hv\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6273:[2026-04-30 20:58:19.171185] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"k50i1toh4491o6v0htliv2kafs\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6417:[2026-04-30 20:58:19.212351] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"k50i1toh4491o6v0htliv2kafs\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6448:[2026-04-30 20:58:19.337758] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"4emiuth6i2fc1ho17nahf6n52g\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n6473:[2026-04-30 20:58:19.346804] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"4emiuth6i2fc1ho17nahf6n52g\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6605:[2026-04-30 20:58:19.390909] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"4emiuth6i2fc1ho17nahf6n52g\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6635:[2026-04-30 20:58:19.409216] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"4emiuth6i2fc1ho17nahf6n52g\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6676:[2026-04-30 20:58:31.002317] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"aegildsksa0i5184igdk12pdg3\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6820:[2026-04-30 20:58:31.045064] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"aegildsksa0i5184igdk12pdg3\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n6853:[2026-04-30 20:58:31.174884] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"9vsc7c5qv9cr4cavugitg6i2l3\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n6878:[2026-04-30 20:58:31.184031] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"9vsc7c5qv9cr4cavugitg6i2l3\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7010:[2026-04-30 20:58:40.393679] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"nr7mssfl6eupo9d2pboea7hmb2\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7154:[2026-04-30 20:58:40.438503] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"nr7mssfl6eupo9d2pboea7hmb2\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7185:[2026-04-30 20:58:40.564244] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"sts5aqfsvqghtl6bfq79a3ap2t\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n7210:[2026-04-30 20:58:40.571305] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"sts5aqfsvqghtl6bfq79a3ap2t\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7342:[2026-04-30 20:58:40.611506] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"sts5aqfsvqghtl6bfq79a3ap2t\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7414:[2026-04-30 21:01:44.898211] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dcgm8ebt3hkhmvvk9n860r6i5n\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7558:[2026-04-30 21:01:44.940724] Admidio.INFO: Session Started! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"limit\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\",\"sessionId\":\"dcgm8ebt3hkhmvvk9n860r6i5n\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":617,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"start\"}\n7591:[2026-04-30 21:01:45.066694] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_AUTO_LOGIN_ID\",\"value\":\"2:nO2BhCdRgFUMKT46e2EzS79Inf4oWiLWzLnX9Ko5\",\"expire\":1809118905,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n7596:[2026-04-30 21:01:45.068352] Admidio.INFO: Set Cookie! {\"name\":\"ADMIDIO_admidio_adm_SESSION_ID\",\"value\":\"iga3ujr67cti6s7btnuhecte67\",\"expire\":0,\"path\":\"/\",\"domain\":false,\"secure\":false,\"httpOnly\":true,\"sameSite\":\"lax\"} {\"file\":\"/opt/app-root/src/src/Session/Entity/Session.php\",\"line\":533,\"class\":\"Admidio\\\\Session\\\\Entity\\\\Session\",\"callType\":\"::\",\"function\":\"setCookie\"}\n```\n\n## Impact\n\nAny actor with log access can replay or abuse current session IDs and auto-login cookies, leading to session hijacking or long-lived account access depending on deployment and cookie lifetime.\n\n## Remediation And Suggestions\n\nNever log raw session identifiers or cookie values. Replace them with fixed labels or redact most of the value before logging.\n\n```php\n$gLogger-\u003einfo(\u0027Set Cookie!\u0027, [\n\u0027name\u0027 =\u003e $name,\n\u0027value\u0027 =\u003e \u0027[redacted]\u0027,\n\u0027expire\u0027 =\u003e $expire,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027,\n]);\n\n$gLogger-\u003einfo(\u0027Session Started!\u0027, [\n\u0027name\u0027 =\u003e $sessionName,\n\u0027limit\u0027 =\u003e $limit,\n\u0027path\u0027 =\u003e $path,\n\u0027domain\u0027 =\u003e $domain,\n\u0027secure\u0027 =\u003e $secure,\n\u0027httpOnly\u0027 =\u003e $httpOnly,\n\u0027sameSite\u0027 =\u003e \u0027lax\u0027,\n\u0027sessionId\u0027 =\u003e \u0027[redacted]\u0027,\n]);\n```",
"id": "GHSA-mch8-wf3h-6x88",
"modified": "2026-05-29T22:07:52Z",
"published": "2026-05-29T22:07:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-mch8-wf3h-6x88"
},
{
"type": "PACKAGE",
"url": "https://github.com/Admidio/admidio"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Admidio writes session IDs and auto-login cookie values to application logs"
}
GHSA-MF6G-2H9H-JW37
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
{
"affected": [],
"aliases": [
"CVE-2019-11283"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-23T16:15:00Z",
"severity": "HIGH"
},
"details": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.",
"id": "GHSA-mf6g-2h9h-jw37",
"modified": "2022-05-24T16:59:44Z",
"published": "2022-05-24T16:59:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11283"
},
{
"type": "WEB",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MFPQ-3JM4-GH33
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32Windows Kernel Memory Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21317"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:55Z",
"severity": "MODERATE"
},
"details": "Windows Kernel Memory Information Disclosure Vulnerability",
"id": "GHSA-mfpq-3jm4-gh33",
"modified": "2025-01-14T18:32:04Z",
"published": "2025-01-14T18:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21317"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21317"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.