
CVE-2017-8382

Published: 16/05/2017 Updated: 05/06/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.5 | Impact Score: 3.6 | Exploitability Score: 0.9
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Summary

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

Vulnerable Product

admidio admidio 3.2.8

Exploits

# Exploit Title: Admidio 3.2.8 (CSRF to Delete Users)
# Date: 28/April/2017
# Exploit Author: Faiz Ahmed Zaidi
Organization: Provensec LLC
Website: provensec.com/
# Vendor Homepage: www.admidio.org/
# Software Link: www.admidio.org/download.php
# Version: 3.2.8
# Tested on: Windows 10 (Xampp)
# CVE : CVE-2017-8382
[Suggest ...

Admidio version 3.2.8 suffers from a cross site request forgery vulnerability ...

Github Repositories

Admidio 3.2.8 Cross-Site Request Forgery Assigned CVE Number: CVE-2017-8382

Admidio-328-CSRF-POC-by-Provensec-llc
Admidio 3.2.8 Cross-Site Request Forgery
Assigned CVE Number: CVE-2017-8382
www.exploit-db.com/exploits/42005/
en.0day.today/exploit/27771