Cross-Site Request Forgery in IceHrm 31.0.0.OS
CVE-2022-26588

6.5MEDIUM

Key Information:

Vendor

Icehrm

Status
Vendor
CVE Published:
8 April 2022

What is CVE-2022-26588?

A Cross-Site Request Forgery (CSRF) vulnerability exists in IceHrm version 31.0.0.OS, allowing attackers to exploit the app/service.php endpoint. This flaw can be leveraged to delete arbitrary user accounts or potentially take over existing accounts, posing significant risks to user data and system integrity.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.