What is the CVSS score of CVE-2020-37091?

CVE-2020-37091 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of PHP are affected by CVE-2020-37091?

Organizations using Maian Support Helpdesk 4.3 should be aware of moderate risk from CVE-2020-37091, a cross-site request forgery vulnerability rated CVSS 5.3.

Is there a public PoC exploit available for CVE-2020-37091?

Yes, a public proof-of-concept exploit is available for CVE-2020-37091. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37091?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.

PHP CVE-2020-37091

MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2026-02-03 disclosure@vulncheck.com

PHP CSRF

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 04, 2026 - 16:33 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

MEDIUM 5.3

DescriptionCVE.org

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

AnalysisAI

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. [CVSS 5.3 MEDIUM]

Technical ContextAI

Classified as CWE-352 (Cross-Site Request Forgery (CSRF)). Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.

Affected ProductsAI

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authent

RemediationAI

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.