Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable CSRF with no attacker privileges; mandatory user interaction (UI:R); integrity-only impact limited to department data deletion.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used.
AnalysisAI
Cross-site request forgery in CodeAstro Human Resource Management System 1.0 enables remote attackers to perform unauthorized state-changing actions - specifically department deletion - by tricking an authenticated user into visiting a crafted malicious page. The exploit targets the department deletion endpoint and publicly available proof-of-concept code has been published on GitHub, lowering the bar for exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a human user with an active authenticated session in the CodeAstro HR Management System visit or be redirected to an attacker-controlled page or resource that contains the forged CSRF payload. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.3 with vector AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N reflects a medium-severity, integrity-limited vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a web page containing a hidden HTML form that auto-submits a POST request to the target organization's CodeAstro HR system department deletion endpoint. The attacker then social-engineers an authenticated HR administrator into visiting the malicious page - for example, via a phishing email with a link disguised as an HR policy document. … |
| Remediation | No vendor-released patch or fixed version has been identified at time of analysis; patch status is unknown as no advisory was found at https://codeastro.com/. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to e
A vulnerability was found in SourceCodester Human Resource Management System 1.0. Rated critical severity (CVSS 9.8), th
A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalat
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit paramete
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. Rated high
A vulnerability was found in SourceCodester Human Resource Management System 1.0. Rated high severity (CVSS 7.2), this v
A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0.
A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. Rated medium s
A vulnerability was found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 6.5), this vul
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Rated m
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40035
GHSA-c7qf-p72p-2xj2