CVE-2017-8382
medium
CVSS v3
4.5
CVSS v2
3.5
VIR risk
4.5
Description
Admidio CSRF vulnerability
Predictions
Exploit likelihood
55%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | admidio/admidio | <4.1-Beta.1 | 4.1-Beta.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| admidio | admidio | 3.2.8 | |
References
- http://en.0day.today/exploit/27771
- https://github.com/Admidio/admidio/issues/612
- https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc
- https://www.exploit-db.com/exploits/42005/
- https://nvd.nist.gov/vuln/detail/CVE-2017-8382
- https://github.com/Admidio/admidio/pull/1074
- https://github.com/Admidio/admidio/commit/a7ac9d3c9e0780e877fe9ac846ac64b284de8553
- https://github.com/Admidio/admidio
- https://www.exploit-db.com/exploits/42005
CWEs
CWE-352