PT-2026-5485 · Unknown · Sistem Informasi Pengumuman Kelulusan Online
Extinction · Published 2026-01-30 · Updated 2026-01-31 · CVE-2020-37046
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Sistem Informasi Pengumuman Kelulusan Online version 1.0
Description
The application contains a cross-site request forgery condition that permits attackers to add unauthorized admin users. This is achieved by exploiting the tambahuser.php endpoint, where malicious HTML forms can be used to submit admin credentials and create new administrative accounts without proper authorization.
Recommendations
Apply updates to address the issue in the tambahuser.php endpoint.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Sistem Informasi Pengumuman Kelulusan Online