CVE-2020-37007

MEDIUM

Liman 0.7 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37007. PoCs published by George Tsimpidas.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in Liman 0.7, allowing an attacker to change a victim's account information or password via crafted HTML forms. The PoC includes two HTML files targeting profile and password endpoints without CSRF protection.

Description

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unauthorized requests.

Exploits (1)

exploitdb WORKING POC
by George Tsimpidas · text · webapps · multiple
https://www.exploit-db.com/exploits/48869

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Liman 0.7
Auth required
Prerequisites: Victim must be logged into the Liman application · Attacker must deliver the crafted HTML to the victim
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.3
EPSS 0.0016
EPSS Percentile 5.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-352
Status published
Products (1)
salihciftci/liman 0.7
Published Jan 29, 2026
Tracked Since Feb 18, 2026