Description

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.

PUBLISHED Reserved 2025-12-23 | Published 2026-01-06 | Updated 2026-01-06 | Assigner VulnCheck




MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

1.0.20: affected

1.0.11: affected

Credits

iej1ctk1g finder

References

www.exploit-db.com/exploits/48362 (ExploitDB-48362) exploit

www.p5.hu (Official Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php (Zero Science Lab Disclosure (ZSL-2020-5564)) third-party-advisory

packetstorm.news/files/id/157318 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/180252 (IBM X-Force Vulnerability Exchange 1) vdb-entry

exchange.xforce.ibmcloud.com/vulnerabilities/180253 (IBM X-Force Vulnerability Exchange 2) vdb-entry

www.vulncheck.com/...ite-request-forgery-via-user-management (VulnCheck Advisory: P5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User Management) third-party-advisory

cve.org (CVE-2020-36906)

nvd.nist.gov (CVE-2020-36906)
