cve/2017/CVE-2017-8382.md

CVE-2017-8382

Description

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

POC

Reference

• http://en.0day.today/exploit/27771
• https://github.com/Admidio/admidio/issues/612
• https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc
• https://www.exploit-db.com/exploits/42005/

Github

• https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc