CVE-2020-37144

MEDIUM

Exagate Sysguard 6001 - Cross-Site Request Forgery via /kulyon.php Admin Account Creation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37144. PoCs published by Metin Yunus Kandemir.

AI-analyzed exploit summary: This is a CSRF PoC that exploits a vulnerability in Exagate Sysguard 6001 to add an admin user by submitting a crafted form. The exploit does not require the attacker to be authenticated and is trivial to execute.

Description

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.

Exploits (1)

exploitdb WORKING POC
by Metin Yunus Kandemir · text · webapps · php
https://www.exploit-db.com/exploits/48234

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Exagate Sysguard 6001
No auth needed
Prerequisites: Victim must visit the malicious HTML page while authenticated to the target application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.3
EPSS 0.0018
EPSS Percentile 7.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-352
Status published
Products (1)
Exagate/Sysguard 6001 6001
Published Feb 05, 2026
Tracked Since Feb 18, 2026