CVE-2020-35273

8.0 HIGH

📋 TL;DR

This CSRF vulnerability in EgavilanMedia User Registration & Login System 1.0 lets an attacker who lures a logged-in user to a malicious page make that user's browser submit a forged profile-update request. The User Profile form carries no anti-CSRF token, so the server accepts the forged request on the strength of the victim's session cookie; such a request can update any user's account, up to and including privilege escalation. All installations of this software version are affected. The attack requires the victim to be logged into the vulnerable system at the time.

💻 Affected Systems

Products:
  • EgavilanMedia User Registration & Login System with Admin Panel
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific version of the software. Requires the User Profile panel functionality to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain administrative privileges, take over all user accounts, modify system settings, or deploy backdoors for persistent access.

🟠 Likely Case

Attackers would typically modify victim accounts to change passwords, email addresses, or user roles to gain unauthorized access.

🟢 If Mitigated

With a per-session CSRF token validated on every state-changing request, a forged request arriving without a valid token is rejected, so the attack fails even though the victim's browser still attaches the session cookie.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: No (the attacker needs no account, but the victim must be logged in)
Complexity: LOW

The attacker needs no account of their own, but the victim must hold a live session and load attacker-controlled content (for example a page that auto-submits a form to the profile-update endpoint) while logged in. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://egavilanmedia.com

Restart Required: No

Instructions:

No official patch available. Consider implementing CSRF tokens manually or replacing the software.

🔧 Temporary Workarounds

Implement CSRF Token Protection

Applies to: all

Add CSRF tokens to all state-changing forms and validate them server-side.

Manual code modification required: generate a random token per session (or per form), store it server-side in the session, emit it as a hidden field in every state-changing form, and reject any POST whose token is absent or does not match the stored value, comparing in constant time. Also bind the account being edited to the logged-in session rather than to a client-supplied user id; otherwise a single forged request still reaches other accounts.
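The token scheme described above, as an added example that is not code from EgavilanMedia or from this advisory: a stand-alone model of a profile-update handler in its vulnerable form (no token, target account taken from the request) next to a hardened form (per-session token checked in constant time, target account bound to the session). The request and session structures, the field names `user_id`, `email`, `role` and `csrf_token`, and the in-memory user table are all assumptions made for the demonstration.

```python
"""Added example, not code from EgavilanMedia or from this advisory: a
stand-alone model of a profile-update handler in its vulnerable form and in
a hardened form with a per-session CSRF token.  Data structures, field names
and the in-memory user table are assumptions made for the demonstration."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

EDITABLE = {"email", "role"}      # assumed fields the profile form can change


def fresh_users() -> Dict[int, dict]:
    """Constructed stand-in for the application's user table."""
    return {
        1: {"username": "admin", "role": "admin", "email": "admin@example.test"},
        2: {"username": "alice", "role": "user", "email": "alice@example.test"},
    }


@dataclass
class Session:
    user_id: int
    csrf_token: Optional[str] = None


@dataclass
class Request:
    method: str
    form: dict
    session: Session


def vulnerable_update_profile(users: Dict[int, dict], req: Request) -> int:
    """The flaw class in the advisory: no token check, and the account to edit
    is whatever user_id the client sends, so a forged POST riding on a
    logged-in victim's cookie can rewrite any account."""
    if req.method != "POST":
        return 405
    target = int(req.form["user_id"])
    for key in EDITABLE:
        if key in req.form:
            users[target][key] = req.form[key]
    return 200


def issue_csrf_token(session: Session) -> str:
    """Create the token once per session; the form embeds it in a hidden
    field.  An attacker's page cannot read it, so it cannot be forged."""
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def hardened_update_profile(users: Dict[int, dict], req: Request) -> int:
    if req.method != "POST":
        return 405
    expected = req.session.csrf_token or ""
    submitted = req.form.get("csrf_token", "")
    # Constant-time compare; encode so non-ASCII input cannot raise TypeError.
    if not expected or not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403
    actor_role = users[req.session.user_id]["role"]
    # Bind the edited account to the session; only admins may name another user.
    if actor_role == "admin" and "user_id" in req.form:
        target = int(req.form["user_id"])
    else:
        target = req.session.user_id
    changes = {k: v for k, v in req.form.items() if k in EDITABLE}
    if "role" in changes and actor_role != "admin":
        return 403
    users[target].update(changes)
    return 200


def simulate() -> dict:
    """Run the forged request against both handlers, then a legitimate one."""
    # Constructed: the form an attacker's page would auto-submit from the
    # victim's browser (no token; user_id points at the admin account).
    forged = {"user_id": "1", "email": "attacker@evil.test", "role": "admin"}

    vuln_users = fresh_users()
    vuln_status = vulnerable_update_profile(
        vuln_users, Request("POST", dict(forged), Session(user_id=2)))

    hard_users = fresh_users()
    victim = Session(user_id=2)
    issue_csrf_token(victim)        # victim has a token; the attacker does not know it
    forged_status = hardened_update_profile(hard_users, Request("POST", dict(forged), victim))

    # Legitimate submission from the victim's own form: token present, and a
    # stray user_id is ignored because the session is not an admin.
    legit = {"csrf_token": victim.csrf_token, "user_id": "1", "email": "alice.new@example.test"}
    legit_status = hardened_update_profile(hard_users, Request("POST", legit, victim))

    return {
        "vulnerable_status": vuln_status,
        "vulnerable_admin": vuln_users[1],
        "forged_status": forged_status,
        "legit_status": legit_status,
        "hardened_admin_email": hard_users[1]["email"],
        "hardened_alice_email": hard_users[2]["email"],
    }


if __name__ == "__main__":
    print(simulate())
```

Running `simulate()` shows the forged request succeeding against the vulnerable handler (the admin account's email is overwritten) and being refused with 403 by the hardened one, while the victim's own tokened submission still succeeds and only touches the victim's account. The token check alone stops the cross-site request; the session binding is what prevents an authenticated but non-admin user from editing other accounts through the same form.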

SameSite Cookie Attribute

Applies to: all

Set SameSite=Strict or SameSite=Lax on session cookies.

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly

This is defence in depth, not a substitute for tokens: Lax still sends the cookie on top-level GET navigations, so it gives no protection if the update endpoint also accepts GET; browsers that predate the attribute ignore it; and Strict withholds the cookie on links followed from other sites, so users arriving from e-mail or external links appear logged out. If the application uses PHP sessions (an assumption; verify against the installed code), PHP 7.3 and later can set the attribute centrally via session.cookie_samesite in php.ini.

🧯 If You Can't Patch

  • Put a WAF or reverse-proxy rule in front of the profile-update and admin endpoints that rejects POSTs whose Origin header (or, failing that, Referer) does not match the application's own origin; decide explicitly how to treat requests carrying neither header, since some clients and privacy extensions strip Referer and an attacker's page can suppress it with a referrer policy
  • Monitor user account changes (especially role, password and e-mail changes) and require an approval workflow or re-authentication for sensitive modifications

🔍 How to Verify

Check if Vulnerable:

View the source of the User Profile form: if it carries no hidden anti-CSRF field, and a POST replayed from a different origin with the same form fields is accepted, the installation is vulnerable

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Confirm that every state-changing form carries a hidden token, that the token differs between sessions, and that a POST with the token removed or altered is rejected; a token merely present in the HTML proves nothing about server-side validation

📡 Detection & Monitoring

Log Indicators:

  • Profile updates whose target account differs from the account of the session that submitted them
  • Role, password or e-mail changes with no preceding user-initiated load of the profile page from the same session

Network Indicators:

  • POST requests to the profile-update or admin endpoints whose Origin or Referer header names a foreign host, or is absent
  • Requests with missing or invalid CSRF tokens (only meaningful once tokens have been added)

SIEM Query:

source="web_logs" AND method="POST" AND (uri="/user/profile/update" OR uri="/admin/user/modify") AND (NOT csrf_token=*)

The uri values are placeholders; substitute the real profile-update and admin-panel paths of the deployment. A csrf_token field exists only if the application logs form fields, which a stock web-server access log does not; with access logs alone, match instead on POSTs to those paths whose referer field is absent or names a foreign host.
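The access-log check described above, as an added example rather than anything from the advisory or the vendor: a detector that reads combined-format web-server log lines and flags POSTs to the watched endpoints whose Referer is absent or names a foreign host. The log format, the site host `app.example.test` and the sample lines are constructed for the demonstration; the watched paths are the advisory's own placeholders and must be replaced with the deployment's real endpoints.

```python
"""Added example, not from the advisory or the vendor: flag cross-site POSTs
to profile-update endpoints in combined-format access logs.  The log format,
site host and sample lines are constructed; the paths are placeholders."""
import re
from typing import Iterable, List, Tuple
from urllib.parse import urlsplit

# Paths to watch; substitute the deployment's real profile/admin endpoints.
WATCHED_PATHS = {"/user/profile/update", "/admin/user/modify"}

# Apache/nginx "combined" format: ip - - [ts] "METHOD PATH PROTO" STATUS BYTES "REFERER" "UA"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one legitimate update, one riding on a foreign
# referer, one with no referer, a foreign GET (benign), and a legitimate
# update with a query string and mixed-case host.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2021:10:00:01 +0000] "POST /user/profile/update HTTP/1.1" 200 512 "http://app.example.test/user/profile" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2021:10:02:33 +0000] "POST /user/profile/update HTTP/1.1" 200 512 "http://evil.example.net/win.html" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2021:10:03:10 +0000] "POST /admin/user/modify HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2021:10:04:00 +0000] "GET /user/profile HTTP/1.1" 200 2048 "http://evil.example.net/" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2021:10:05:00 +0000] "POST /user/profile/update?x=1 HTTP/1.1" 200 512 "https://APP.example.test/user/profile" "Mozilla/5.0"
"""


def find_cross_site_posts(lines: Iterable[str], site_host: str) -> List[Tuple[str, str, str, str]]:
    """Return (ip, path, referer, reason) for each suspicious POST.
    GETs are ignored: a GET arriving from a foreign referer is ordinary inbound traffic."""
    hits = []
    site_host = site_host.lower()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]          # compare without the query string
        if path not in WATCHED_PATHS:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            # An attacker page can blank the Referer with a referrer policy,
            # so "missing" is reported rather than silently accepted.
            hits.append((m["ip"], path, referer, "missing-referer"))
            continue
        host = (urlsplit(referer).hostname or "").lower()
        if host != site_host:
            hits.append((m["ip"], path, referer, "foreign-referer"))
    return hits


if __name__ == "__main__":
    for hit in find_cross_site_posts(SAMPLE_LOG.splitlines(), "app.example.test"):
        print(hit)
```

On the sample above the detector reports the second and third lines and nothing else. Referer is the weaker signal: it is blank on a growing share of legitimate traffic, so expect noise from the missing-referer bucket and tune by source. If the web server can be made to log the Origin header (for example with an added `%{Origin}i` field in an Apache LogFormat), match on that instead, since browsers always attach it to cross-site POSTs.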
