CVE-2020-6844

HIGH

TopManage OLK 2020 - Cross-Site Request Forgery in Login

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-6844. PoCs published by Joel Aviad Ossi.

AI-analyzed exploit summary: This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in OLK Web Store 2020. It sends a crafted POST request to the login endpoint with manipulated parameters, potentially bypassing authentication or performing unauthorized actions.

Description

In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts.

Exploits (1)

exploitdb WORKING POC
by Joel Aviad Ossi · text · webapps · asp
https://www.exploit-db.com/exploits/47960

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: OLK Web Store 2020
No auth needed
Prerequisites: Access to the target application's login page
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory x_refsource_misc
https://websec.nl/news.php
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/47960

Scores

CVSS v3 8.8
EPSS 0.0072
EPSS Percentile 49.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
topmanage/olk_webstore 2020
Published Feb 18, 2020
Tracked Since Feb 18, 2026