CVE-2020-37145

EUVD-2020-31039
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
hrsalehrsale
1.1.8
CNA
Common Weakness Enumeration
References
https://web.archive.org/web/20200109113640/http://hrsale.com/
https://www.exploit-db.com/exploits/48205
https://www.vulncheck.com/advisories/hrsale-cross-site-request-forgery-add-admin