CVE-2020-37145 MEDIUM

CVE-2020-37145: HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)

Vendor Hrsale
Product HRSALE
Weakness CWE-352 · CSRF
Published February 5, 2026
Last update March 5, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Active
Confidentiality None
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.

Key dates

02 Disclosure timeline

February 5, 2026 CVE published
March 5, 2026 Record updated