CVE-2020-37046
Unknown Unknown - Not Provided
CSRF Vulnerability in Sistem Informasi Pengumuman Kelulusan Online Allows Unauthorized Admin Creation

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: VulnCheck

Description
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-31
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37046
EUVD
EUVD-2020-30933
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adikiss sistem_informasi_pengumuman_kelulusan_online 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site request forgery (CSRF) in Sistem Informasi Pengumuman Kelulusan Online 1.0 that allows attackers to add unauthorized admin users by exploiting the tambahuser.php endpoint. Attackers can create a malicious HTML form that submits admin credentials to create new administrative accounts without the victim's consent.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the tambahuser.php endpoint for suspicious POST requests that attempt to add new admin users without proper authorization. You can use network traffic analysis tools like Wireshark or tcpdump to capture and inspect such requests. For example, using tcpdump: tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443' | grep 'tambahuser.php'. Additionally, reviewing web server logs for POST requests to tambahuser.php that include admin user creation parameters can help identify exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include implementing CSRF protection mechanisms such as requiring CSRF tokens on the tambahuser.php endpoint, validating the origin of requests, and enforcing proper authentication and authorization checks before allowing admin user creation. Additionally, restricting access to the tambahuser.php endpoint to trusted users only and monitoring for suspicious activity can help reduce risk.

Impact Analysis

This vulnerability can allow attackers to gain unauthorized administrative access to the system by creating new admin accounts. This can lead to unauthorized control over the application, potentially compromising the integrity and security of the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37046. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart