PT-2026-43222 · Undefined · Undefined
Published 2026-05-25 · Updated 2026-05-25
CVE-2018-25370
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters such as rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.
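The server-side check whose absence the description points to, as an added example (not Admidio's code or its actual fix): a role-change request is applied only if it is a POST, its Origin or Referer names the site's own host, and it carries the session's CSRF token. The function names, the `csrf_token` field and session key, and the host `example.org` are assumptions; the sample requests are constructed.

```php
<?php
// Added illustration, not Admidio code. Function names, the 'csrf_token'
// field/session key and the host example.org are assumptions.

/** Issue a per-session token to embed as a hidden field in the role form. */
function issueCsrfToken(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/** True only if Origin (or, failing that, Referer) names our own host.
 *  Compares the host only; scheme and port are not checked here. */
function isSameOrigin(array $server, string $expectedHost): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);   // null or false if absent/malformed
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

/** Decide whether a role-change request may be applied. Returns [bool, reason]. */
function authorizeRoleChange(array $server, array $session, array $post, string $expectedHost): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [false, 'state change must use POST'];
    }
    if (!isSameOrigin($server, $expectedHost)) {
        return [false, 'cross-origin request'];
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // Constant-time comparison; an empty session token never matches.
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        return [false, 'missing or invalid CSRF token'];
    }
    return [true, 'ok'];
}

// Constructed sample requests carrying the permission flags from the description.
$session = [];
$token   = issueCsrfToken($session);
$flags   = ['rol_assign_roles' => '1', 'rol_approve_users' => '1', 'rol_edit_user' => '1'];
$cases   = [
    'form hosted on another site' => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other-site.example'], $flags],
    'same origin, token missing'  => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://example.org'], $flags],
    'legitimate role form'        => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://example.org'], $flags + ['csrf_token' => $token]],
];
foreach ($cases as $label => [$server, $post]) {
    [$ok, $reason] = authorizeRoleChange($server, $session, $post, 'example.org');
    printf("%-28s %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $reason);
}
```

Only the third request is allowed; the first fails the origin check and the second fails the token check.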
Fix
CSRF
Affected Products
Undefined