CVE-2017-8382

MEDIUM

admidio 3.2.8 - Cross-Site Request Forgery in Members Function Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-8382. PoCs published by Faiz Ahmed Zaidi, faizzaidi.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Admidio 3.2.8, allowing an attacker to delete arbitrary user accounts by tricking an admin into submitting a crafted HTML form. The PoC includes a simple HTML form that automates the submission of a delete request.

Description

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Faiz Ahmed Zaidi · textwebappsphp
https://www.exploit-db.com/exploits/42005

This exploit demonstrates a CSRF vulnerability in Admidio 3.2.8, allowing an attacker to delete arbitrary user accounts by tricking an admin into submitting a crafted HTML form. The PoC includes a simple HTML form that automates the submission of a delete request.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Admidio 3.2.8
No auth needed
Prerequisites: Admin user must visit a malicious page or open a crafted HTML/JPEG file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 3 stars
by faizzaidi · poc
https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc

This repository contains a README file referencing a CSRF vulnerability in Admidio 3.2.8 (CVE-2017-8382) with links to external exploit databases. No actual exploit code is present.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Admidio 3.2.8
No auth needed
Prerequisites: Victim must be authenticated and tricked into clicking a malicious link
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42005/
Various Sources x_refsource_misc
http://en.0day.today/exploit/27771
Issue Tracking x_refsource_misc
https://github.com/Admidio/admidio/issues/612

Scores

CVSS v3 4.5
EPSS 0.0263
EPSS Percentile 83.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-352
Status published
Products (2)
admidio/admidio 3.2.8
admidio/admidio 0 - 4.1-Beta.1Packagist
Published May 16, 2017
Tracked Since Feb 18, 2026