CVE-2019-25064

MEDIUM

CoreHR Core Portal < 27.0.7 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.146832

Scores

CVSS v3 4.3
EPSS 0.0038
EPSS Percentile 30.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
theaccessgroup/corehr_core_portal 27.0.0 - 27.0.7
Published Jun 09, 2022
Tracked Since Feb 18, 2026