CVE-2022-26588
MEDIUM
IceHrm 31.0.0.OS - Cross-Site Request Forgery via Delete User Endpoint
Title source: llm
Description
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.
References (2)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166627/ICEHRM-31.0.0.0S-Cross-Site-Request-Forgery.html
Various Sources x_refsource_misc
https://medium.com/%40devansh3008/csrf-in-icehrm-31-0-0-0s-in-delete-user-endpoint-86a39ecf253f
Scores
CVSS v3
6.5
EPSS
0.0057
EPSS Percentile
43.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
icehrm/icehrm
31.0.0.os
Published
Apr 08, 2022
Tracked Since
Feb 18, 2026