Описание
admidio CSRF Vulnerability
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-8382
- https://github.com/Admidio/admidio/issues/612
- https://github.com/Admidio/admidio/pull/1074
- https://github.com/Admidio/admidio/commit/a7ac9d3c9e0780e877fe9ac846ac64b284de8553
- https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc
- https://www.exploit-db.com/exploits/42005
- http://en.0day.today/exploit/27771
Пакеты
Наименование
admidio/admidio
composer
Затронутые версииВерсия исправления
< 4.1-Beta.1
4.1-Beta.1
Связанные уязвимости
CVSS3: 4.5
nvd
больше 8 лет назад
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.