Description
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Faiz Ahmed Zaidi · textwebappsphp
https://www.exploit-db.com/exploits/42005
nomisec
WRITEUP
3 stars
by faizzaidi · poc
https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc
References (4)
Core 4
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42005/
Various Sources x_refsource_misc
http://en.0day.today/exploit/27771
Various Sources x_refsource_misc
https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc
Issue Tracking x_refsource_misc
https://github.com/Admidio/admidio/issues/612
Scores
CVSS v3
4.5
EPSS
0.0065
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-352
Status
published
Products (2)
admidio/admidio
3.2.8
admidio/admidio
0 - 4.1-Beta.1Packagist
Published
May 16, 2017
Tracked Since
Feb 18, 2026