Vulnerability Database

321,672

Total vulnerabilities in the database

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

Published: Feb 3, 2026
Updated: Feb 4, 2026
CVE: CVE-2020-37091
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-352

Affected Software
References

No affected software listed.

https://www.exploit-db.com/exploits/48386
https://www.maiansupport.com
https://www.vulncheck.com/advisories/maian-support-helpdesk-cross-site-request-forgery-add-admin

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo