CVE-2020-37145

Medium CVSS: 5.1

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.

Vendor

Product

CWE

CWE-352

Yayın Tarihi

2026-02-05 17:16:10

Güncelleme

2026-02-05 20:47:37

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 MEDIUM 2026

Referanslar

https://web.archive.org/web/20200109113640/http://hrsale.com/ https://www.exploit-db.com/exploits/48205 https://www.vulncheck.com/advisories/hrsale-cross-site-request-forgery-add-admin