Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.
References
Configurations
No configuration.
History
13 May 2026, 17:07
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-13 16:16
Updated : 2026-06-17 03:17
NVD link : CVE-2020-37217
Mitre link : CVE-2020-37217
CVE.ORG link : CVE-2020-37217
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
