CVE-2020-37091

Medium CVSS: 5.1

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

Vendor

Product

CWE

CWE-352

Yayın Tarihi

2026-02-03 22:16:25

Güncelleme

2026-02-04 16:33:44

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 MEDIUM 2026

Referanslar

https://www.exploit-db.com/exploits/48386 https://www.maiansupport.com https://www.vulncheck.com/advisories/maian-support-helpdesk-cross-site-request-forgery-add-admin