CVE-2020-9271

MEDIUM

Icehrm - CSRF

Title source: rule

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

CVSS v3 6.5

EPSS 0.0016

EPSS Percentile 36.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-352

Status published

Products (1)

icehrm/icehrm 26.2.0.os

Published Feb 18, 2020

Tracked Since Feb 18, 2026