admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
admidio admidio 3.2.8
Admidio 3.2.8 Cross-Site Request Forgery Assigned CVE Number: CVE-2017-8382
Admidio-328-CSRF-POC-by-Provensec-llc Admidio 328 Cross-Site Request Forgery Assigned CVE Number: CVE-2017-8382 wwwexploit-dbcom/exploits/42005/ en0daytoday/exploit/27771