CVE-2020-37217
Severity CVSS v4.0:
MEDIUM
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
13/05/2026
Last modified:
13/05/2026
Description
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
4.30
Severity 3.x
MEDIUM



