CVE-2018-25370
BaseFortify
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| admidio | admidio | 3.3.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Admidio 3.3.5 contains a cross-site request forgery (CSRF) vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking.
Attackers can craft malicious HTML forms targeting the roles_function.php script with parameters such as rol_assign_roles, rol_approve_users, and rol_edit_user set to 1, enabling them to escalate their privileges without authentication.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low privileges to escalate their permissions within the Admidio system.
By exploiting the CSRF flaw, attackers can gain unauthorized administrative capabilities such as assigning roles, approving users, or editing user information, potentially compromising the integrity and security of the system.