CyberSec.Space Logo
Back to CVE Browser

CVE-2018-25370

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0210%
EPSS Percentile1.56th
PublishedMay 25, 2026
Last ModifiedMay 26, 2026

Vulnerability Description

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

πŸ”— https://sourceforge.net/projects/admidio/files/Admidio/3.3.x/admidio-3.3.5.zip/download
πŸ”— https://www.admidio.org/
πŸ”— https://www.exploit-db.com/exploits/45322
πŸ”— https://www.vulncheck.com/advisories/admidio-cross-site-request-forgery-via-roles-function-php

Related Vulnerabilities

CVE-2018-100064410.0

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files...

CVE-2018-1051110.0

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-100065110.0

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidenti...