Description

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unauthorized requests.

PUBLISHED Reserved 2026-01-27 | Published 2026-01-29 | Updated 2026-02-17 | Assigner VulnCheck




MEDIUM: 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status: unaffected

0.7: affected

Credits

George Tsimpidas (finder)

References

www.exploit-db.com/exploits/48869 (ExploitDB-48869) exploit

web.archive.org/...2653/https://github.com/salihciftci/liman (Archived Liman GitHub Repository) product

www.vulncheck.com/...ss-site-request-forgery-change-password (VulnCheck Advisory: Liman 0.7 - Cross-Site Request Forgery (Change Password)) third-party-advisory

cve.org (CVE-2020-37007)

nvd.nist.gov (CVE-2020-37007)
