VYPR
Medium severity5.3NVD Advisory· Published May 25, 2026· Updated May 26, 2026

CVE-2018-25370

CVE-2018-25370

Description

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Admidio/Admidioinferred2 versions
    = 3.3.5+ 1 more
    • (no CPE)range: = 3.3.5
    • (no CPE)range: =3.3.5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.