Detections
Analytics

CVE-2020-37091

medium

Description

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

References

https://www.vulncheck.com/advisories/maian-support-helpdesk-cross-site-request-forgery-add-admin

https://www.maiansupport.com

https://www.exploit-db.com/exploits/48386

Details

Source: Mitre, NVD

Published: 2026-02-03

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00023