CVE-2020-35273

HIGH

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Cross-Site Request Forgery in User Profile Panel

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35273. PoCs published by Hardik Solanki.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in EgavilanMedia User Registration & Login System 1.0, allowing an attacker to induce authenticated users to perform unintended actions, such as updating their profile. The PoC includes a crafted HTML form that submits a malicious request to the target application.

Description

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.

Exploits (1)

exploitdb WORKING POC
by Hardik Solanki · text · webapps · multiple
https://www.exploit-db.com/exploits/49151

Classification: Working PoC 95%
Attack Type: CSRF
Complexity: Trivial
Reliability: Reliable
Target: EgavilanMedia User Registration & Login System with Admin Panel 1.0
Auth required
Prerequisites: Victim must be authenticated in the target application · Attacker must craft a malicious HTML form or URL
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Vendor Advisory x_refsource_misc
http://egavilanmedia.com
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49151

Scores

CVSS v3 8.0
EPSS 0.0059
EPSS Percentile 43.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-352
Status published
Products (1)
egavilanmedia/user_registration_\&_login_system_with_admin_panel 1.0
Published Dec 21, 2020
Tracked Since Feb 18, 2026