### [CVE-2017-8382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8382)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

### POC

#### Reference
- http://en.0day.today/exploit/27771
- https://github.com/Admidio/admidio/issues/612
- https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc
- https://www.exploit-db.com/exploits/42005/

#### Github
- https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc