PatchSiren

Admidio CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Admidio CVE published 2026-05-25

CVE-2018-25370

CVE-2018-25370 documents a cross-site request forgery (CSRF) vulnerability in Admidio 3.3.5 that enables low-privilege users to escalate their permissions. The flaw resides in improper origin checking within roles_function.php, allowing attackers to craft malicious HTML forms that set role parameters (rol_assign_roles, rol_approve_users, rol_edit_user) to 1 without requiring authentication. The vulnerabil [truncated]

HIGH Admidio CVE published 2017-03-05

CVE-2017-6492

CVE-2017-6492 describes a SQL injection vulnerability in Admidio 3.2.5 affecting the dates_function.php code path. The issue is caused by concatenating the POST parameter dat_cat_id directly into a SQL query without input validation or sanitization. NVD rates the issue as CVSS 3.0 7.2 (HIGH) and maps it to CWE-89.