CVE-2020-37091 | THREATINT

Description

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

PUBLISHED Reserved 2026-02-01 | Published 2026-02-03 | Updated 2026-02-04 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

4.3

affected

Credits

Besim ALTINOK finder

References

www.exploit-db.com/exploits/48386 (ExploitDB-48386) exploit

www.maiansupport.com (Vendor Homepage) product

www.vulncheck.com/...sk-cross-site-request-forgery-add-admin (VulnCheck Advisory: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)) third-party-advisory

cve.org (CVE-2020-37091)

nvd.nist.gov (CVE-2020-37091)

Download JSON