CVE-2020-37091
Severity: MEDIUM
Maian Support Helpdesk 4.3 - Unauthenticated Cross-Site Request Forgery to Add Admin
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-37091. PoCs published by Besim.
AI-analyzed exploit summary
This exploit demonstrates a CSRF vulnerability in Maian Support Helpdesk 4.3, allowing an attacker to add an admin account or upload arbitrary files (including PHP shells) via crafted HTML forms. The PoC includes two separate payloads: one for admin creation and another for file upload.
Description
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. By luring an authenticated administrator to a crafted HTML form, an attacker can add admin users and, through an unrestricted file upload in the FAQ attachment system, upload PHP files.
Exploits (1)
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N