CVE-2020-37046
Unknown Unknown - Not Provided

CSRF Vulnerability in Sistem Informasi Pengumuman Kelulusan Online Allows Unauthorized Admin Creation

Vulnerability report for CVE-2020-37046, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: VulnCheck

Description

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-07-06
AI Q&A
2026-01-31
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
adikiss sistem_informasi_pengumuman_kelulusan_online 1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site request forgery (CSRF) in Sistem Informasi Pengumuman Kelulusan Online 1.0 that allows attackers to add unauthorized admin users by exploiting the tambahuser.php endpoint. Attackers can create a malicious HTML form that submits admin credentials to create new administrative accounts without the victim's consent.

Impact Analysis

This vulnerability can allow attackers to gain unauthorized administrative access to the system by creating new admin accounts. This can lead to unauthorized control over the application, potentially compromising the integrity and security of the system.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the tambahuser.php endpoint for suspicious POST requests that attempt to add new admin users without proper authorization. You can use network traffic analysis tools like Wireshark or tcpdump to capture and inspect such requests. For example, using tcpdump: tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443' | grep 'tambahuser.php'. Additionally, reviewing web server logs for POST requests to tambahuser.php that include admin user creation parameters can help identify exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include implementing CSRF protection mechanisms such as requiring CSRF tokens on the tambahuser.php endpoint, validating the origin of requests, and enforcing proper authentication and authorization checks before allowing admin user creation. Additionally, restricting access to the tambahuser.php endpoint to trusted users only and monitoring for suspicious activity can help reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37046. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart