CVE-2020-37145
CSRF in HRSALE 1.1.8 Enables Unauthorized Admin Account Creation
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hrsale | hrsale | 1.1.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37145 is a Cross-Site Request Forgery (CSRF) vulnerability in HRSALE version 1.1.8 that allows attackers to add unauthorized administrative users through the employee registration form.
An attacker can craft a malicious HTML page with hidden form fields designed to trick authenticated administrators into unknowingly submitting requests that create new user accounts with elevated privileges.
This attack requires the administrator to be authenticated and to interact with the malicious page, which then performs the unauthorized action without their explicit consent.
How can this vulnerability impact me?
This vulnerability allows attackers to escalate privileges by adding unauthorized administrative users to the HRSALE system.
As a result, attackers can gain administrative control over the system, potentially compromising sensitive HR data and system integrity.
Because the attack exploits the trust of authenticated administrators, it can lead to unauthorized access and manipulation of employee records and other critical information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized creation of administrative users through the employee registration form, especially via POST requests to the endpoint /admin/employees/add_employee.
You can look for suspicious POST requests containing parameters that create new users with elevated privileges, such as role=admin.
A practical approach is to inspect web server logs for POST requests to /admin/employees/add_employee with unusual or unexpected user creation parameters.
Example commands to detect such activity might include:
- Using grep on web server logs to find POST requests to the vulnerable endpoint: `grep 'POST /admin/employees/add_employee' /var/log/apache2/access.log`
- Searching for creation of admin users by filtering for role=admin in POST data (if logs contain POST data): `grep 'role=admin' /var/log/apache2/access.log`
- Monitoring for new user accounts with administrative privileges created recently in the application database or user management system.
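The log inspection above, carried one step further as an added Python example that is not part of this record or of HRSALE: it parses access-log lines in the Apache combined format, keeps the POSTs to /admin/employees/add_employee, and flags those whose Referer is missing or names a host other than the application's own, which is the trace a form auto-submitted from a page on another site normally leaves. The sample lines and the host name hr.example.internal are constructed; the Referer heuristic goes beyond the page's grep commands and is a triage signal rather than proof, since Referer can be stripped by browser or server policy.

```python
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlparse

# Apache/nginx "combined" log format:
# client ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Endpoint named in the detection guidance above.
TARGET_PATH = "/admin/employees/add_employee"

# Constructed sample lines (not real traffic). The third and fourth lines have
# the shape a forged cross-site post leaves behind: the admin's session and
# address, but a Referer from another site, or none at all.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Feb/2026:10:02:11 +0000] "GET /admin/dashboard HTTP/1.1" 200 5120 "https://hr.example.internal/admin/login" "Mozilla/5.0"
203.0.113.10 - - [05/Feb/2026:10:03:40 +0000] "POST /admin/employees/add_employee HTTP/1.1" 302 0 "https://hr.example.internal/admin/employees/add" "Mozilla/5.0"
203.0.113.10 - - [05/Feb/2026:10:07:02 +0000] "POST /admin/employees/add_employee HTTP/1.1" 302 0 "https://forum.example.net/thread/4411" "Mozilla/5.0"
198.51.100.7 - - [05/Feb/2026:10:08:15 +0000] "POST /admin/employees/add_employee HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Feb/2026:10:09:00 +0000] "POST /admin/login HTTP/1.1" 200 800 "https://hr.example.internal/admin/login" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into named fields, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def referer_is_foreign(referer: str, own_host: str) -> bool:
    """True when the Referer is absent or names a host other than the application's.

    A same-host Referer is what a form submitted from the application's own page
    produces; anything else deserves a closer look. Triage signal only: Referer
    can be suppressed by browser or server policy."""
    if referer in ("", "-"):
        return True
    host = urlparse(referer).hostname or ""
    return host.lower() != own_host.lower()


def find_add_employee_posts(lines: Iterable[str], own_host: str) -> List[Dict[str, object]]:
    """Return every POST to the target endpoint, annotated with a cross-site flag."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] != TARGET_PATH:
            continue
        hits.append({**rec, "cross_site": referer_is_foreign(rec["referer"], own_host)})
    return hits


def suspicious_only(lines: Iterable[str], own_host: str) -> List[Dict[str, object]]:
    """Only the hits whose Referer does not match the application host."""
    return [h for h in find_add_employee_posts(lines, own_host) if h["cross_site"]]


if __name__ == "__main__":
    for hit in find_add_employee_posts(SAMPLE_LOG.splitlines(), "hr.example.internal"):
        flag = "CROSS-SITE?" if hit["cross_site"] else "same-site  "
        print(f'{flag} {hit["time"]} {hit["ip"]} referer={hit["referer"]}')
```

Every hit on the endpoint is still reported, as the page's grep would; the flag only orders the review. A hit from a client address that has never been seen on the login or dashboard paths, or a 302 followed by no further activity from that address, are the same kind of corroborating signal and can be layered on in the same loop.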
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper CSRF protections on the employee registration form to prevent unauthorized requests.
Ensure that the application requires a valid, unpredictable CSRF token for all state-changing requests, especially those that create or modify user accounts.
Restrict the ability to add administrative users to trusted and authenticated sessions only, and consider adding additional verification steps such as multi-factor authentication.
Review and monitor user creation logs to detect and remove any unauthorized administrative accounts created via this vulnerability.
If possible, update or patch the HRSALE application to a version that addresses this vulnerability.
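The token requirement described above, as an added Python example that is not HRSALE code (this record does not describe HRSALE's framework, form fields or session layout, so the field name csrf_token, the session key _csrf_token, the origin hr.example.internal and the handler shape are all assumptions). It implements the synchronizer-token pattern: one unpredictable token per session is rendered into the form as a hidden field, and the handler behind the add-employee POST refuses the request unless the submitted value matches in constant time. A page on another origin cannot read the victim's token, so its hidden fields fail the check; the Origin header comparison is an independent second check.

```python
import hmac
import secrets
from typing import Dict

# Assumed names; the page does not describe HRSALE's actual form fields or session keys.
TOKEN_FIELD = "csrf_token"
SESSION_KEY = "_csrf_token"
OWN_ORIGIN = "https://hr.example.internal"  # constructed deployment origin


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Return the session's CSRF token, generating one on first use.

    The page that renders the add-employee form embeds this value as a hidden
    field. Being per-session and random it cannot be guessed, and the browser's
    same-origin policy keeps a page on another origin from reading it."""
    token = session.get(SESSION_KEY)
    if not token:
        token = secrets.token_urlsafe(32)
        session[SESSION_KEY] = token
    return token


def csrf_request_ok(session: Dict[str, str], form: Dict[str, str],
                    headers: Dict[str, str], own_origin: str = OWN_ORIGIN) -> bool:
    """Synchronizer-token check plus an Origin check for a state-changing request."""
    expected = session.get(SESSION_KEY)
    submitted = form.get(TOKEN_FIELD)
    if not expected or not submitted:
        return False
    # Constant-time comparison: a wrong token costs the same whether it differs
    # in the first byte or the last.
    if not hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8")):
        return False
    # Browsers attach Origin to cross-site POSTs; when present it must be ours.
    # Header names are matched case-insensitively.
    origin = next((v for k, v in headers.items() if k.lower() == "origin"), None)
    if origin is not None and origin != own_origin:
        return False
    return True


def add_employee(session: Dict[str, str], form: Dict[str, str],
                 headers: Dict[str, str], own_origin: str = OWN_ORIGIN) -> Dict[str, object]:
    """Hypothetical handler for POST /admin/employees/add_employee with the CSRF gate in front.

    The admin's session cookie is assumed to have already authenticated the
    request. A forged cross-site request passes that same cookie check, which
    is why this second, request-bound check must run before any account is
    created."""
    if not csrf_request_ok(session, form, headers, own_origin):
        return {"status": 403, "error": "CSRF token missing or invalid"}
    return {"status": 201, "created": form["username"], "role": form.get("role", "employee")}


def demo() -> Dict[str, int]:
    """Exercise the handler with one genuine submission and two forged ones."""
    session: Dict[str, str] = {}              # the admin's server-side session
    token = issue_csrf_token(session)         # rendered into the genuine form

    # 1. The admin submits the application's own form: token present, Origin ours.
    genuine = add_employee(session,
                           {"username": "alice", "role": "admin", TOKEN_FIELD: token},
                           {"Origin": OWN_ORIGIN})
    # 2. A form auto-submitted from another origin: it cannot carry the token.
    forged = add_employee(session,
                          {"username": "mallory", "role": "admin"},
                          {"Origin": "https://third-party.example"})
    # 3. Same, with a made-up token value: fails the constant-time comparison.
    guessed = add_employee(session,
                           {"username": "mallory", "role": "admin",
                            TOKEN_FIELD: secrets.token_urlsafe(32)},
                           {"Origin": OWN_ORIGIN})
    return {"genuine": genuine["status"], "forged": forged["status"], "guessed": guessed["status"]}


if __name__ == "__main__":
    print(demo())   # {'genuine': 201, 'forged': 403, 'guessed': 403}
```

The gate belongs on every state-changing route, not only this one; a framework-level middleware that runs csrf_request_ok before any POST handler avoids relying on each form author remembering it. Rotating the token on login and logout limits how long a leaked value stays useful.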