CVE-2018-25370
Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
3th
Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.
| CWE | CWE-352 |
| Vendor | admidio |
| Product | admidio |
| Published | May 25, 2026 |
| Last Updated | May 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for admidio admidio
Be the first to know when new medium vulnerabilities affecting admidio admidio are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
Admidio / Admidio
3.3.5
References
exploit-db.com: https://www.exploit-db.com/exploits/45322 admidio.org: https://www.admidio.org/ sourceforge.net: https://sourceforge.net/projects/admidio/files/Admidio/3.3.x/admidio-3.3.5.zip/download vulncheck.com: https://www.vulncheck.com/advisories/admidio-cross-site-request-forgery-via-roles-function-php
Credits
Nawaf Alkeraithe