CVE-2020-37091 MEDIUM

CVE-2020-37091: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Vendor Maian Media
Product Maian Support Helpdesk
Weakness CWE-352 · CSRF
Published February 3, 2026
Last update February 4, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 4, 2026 Record updated

Related vulnerabilities

04Related CVE