3 matches found
CVE-2022-26588
A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...
CVE-2022-26588
IceHrm 31.0.0.OS is affected by a CSRF vulnerability where the app/service.php endpoint lacks CSRF token validation. This allows an attacker to delete arbitrary users or achieve account takeover via the affected interface. Public sources (e.g., PacketStorm, Exploit-DB) describe an exploit path an...
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...