CVE-2019-25064

Published: Jun 9, 2022Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component.

Affected (1)

Products: Theaccessgroup: Corehr Core Portal

1 product

Corehr Core Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Theaccessgroup Corehr Core Portal	From 27.0.0 to 27.0.7

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://vuldb.com/?id.146832

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.146832

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.