High severity8.8NVD Advisory· Published Oct 9, 2020· Updated Jun 17, 2026
CVE-2020-26522
CVE-2020-26522
Description
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Garfield/Petshopdescription
- Range: <=2020-10-01
Patches
Vulnerability mechanics
References
4- rysec.io/adv/Petshop_AddAdmin_Exploit.txtnvdExploitThird Party AdvisoryURL Repurposed
- packetstormsecurity.com/files/159520/Garfield-Petshop-2020-10-01-Cross-Site-Request-Forgery.htmlnvdThird Party Advisory
- demo.detapos.co.id/petshop/nvdPermissions RequiredThird Party Advisory
- detapos.convdThird Party Advisory
News mentions
0No linked articles in our index yet.