CNNVD-202602-221 Information
CNNVD ID
CNNVD-202602-221
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Maian Media Maian Support是英国Maian Media公司的一个工单支持系统。 Maian Media Maian Support 4.3版本存在跨站请求伪造漏洞,该漏洞源于跨站请求伪造漏洞,攻击者可制作恶意HTML表单来添加管理员用户,并通过FAQ附件系统上传具有无限制文件上传能力的PHP文件。
Description (English)
Maian Media Maian Support is a worksheet support system for the British company Maian Media. The version 4.3 of Maian Media Maian Support contains a false gap in cross-site requests, which stems from cross-site requests for forgery, where the attackers can create malicious HTML forms to add administrator users and upload PHP files with unlimited upload capability through the FAQ attachment system.
Hazard Level
High
Vulnerability Type
跨站请求伪造
Affected Vendor
Maian Media
Published
2026-02-03
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/48386 https://www.maiansupport.com https://www.vulncheck.com/advisories/maian-support-helpdesk-cross-site-request-forgery-add-admin
Patch
https://www.maiansupport.com/download
Share on: