CVE-2020-37145

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.

Vulnerability Details

Published Date

February 05, 2026

Last Modified

February 05, 2026

CWE ID

CWE-352

Source

NVD

Vendor

HRSALE

Product

HRSALE

External References

https://web.archive.org/web/20200109113640/http://hrsale.com/
https://www.exploit-db.com/exploits/48205
https://www.vulncheck.com/advisories/hrsale-cross-site-request-forgery-add-admin

CVE-2020-37145

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment