CVE-2020-37091
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Maian Media | Maian Support Helpdesk | 4.3 | affected |
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/48386
- https://www.maiansupport.com
- https://www.vulncheck.com/advisories/maian-support-helpdesk-cross-site-request-forgery-add-admin
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.