CVE-2020-37091

Name of the Vulnerable Software and Affected Versions Maian Support Helpdesk version 4.3

Description The software contains a cross-site request forgery condition that permits attackers to create administrative accounts without needing to authenticate. Attackers can construct malicious HTML forms to add administrative users and upload PHP files. The file upload through the FAQ attachment system has no restrictions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.