CVE-2020-37091

MEDIUM

Maian Support Helpdesk <4.3 - CSRF

Title source: llm

Description

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

Exploits (1)

exploitdb WORKING POC

by Besim · textwebappsphp

https://www.exploit-db.com/exploits/48386

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48386

[Various Sources] https://www.maiansupport.com

[Third Party Advisory] https://www.vulncheck.com/advisories/maian-support-helpdesk-cross-site-request-forgery-add-admin

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

Maian Media/Maian Support Helpdesk 4.3

Published Feb 03, 2026

Tracked Since Feb 18, 2026