CVE-2020-37217

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.
Configurations

No configuration.

History

13 May 2026, 17:07

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-13 16:16

Updated : 2026-06-17 03:17


NVD link : CVE-2020-37217

Mitre link : CVE-2020-37217

CVE.ORG link : CVE-2020-37217


JSON object : View

Products Affected

No product.

CWE
CWE-352

Cross-Site Request Forgery (CSRF)