CVE-2020-37046 – Sistem Informasi Pengumuman Kelulusan Online 1.0 – Cross-Site Request Forgery

CVE ID : CVE-2020-37046

Published : Jan. 30, 2026, 11:16 p.m. | 1 hour, 56 minutes ago

Description : Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim’s consent.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…