Description
A vulnerability was found in CodeAstro Human Resource Management System 1.0. It affects an unknown function. Manipulation of this function results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used.
Severity (CVSS)
| Base score | 5.3 |
|---|---|
| Severity | Medium |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Provided by | CNA |
Weaknesses
- CWE-352 — Cross-Site Request Forgery
- CWE-862 — Missing Authorization
Affected products
| Vendor | Product | Versions |
|---|---|---|
| CodeAstro | Human Resource Management System | 1.0 |
References
- https://vuldb.com/vuln/374545 (vdb-entry)
- https://vuldb.com/vuln/374545/cti (signature permissions-required)
- https://vuldb.com/cve/CVE-2026-13537 (third-party-advisory)
- https://vuldb.com/submit/842084 (third-party-advisory)
- https://github.com/ashikmd0507/CVE/tree/main/CSRF%20in%20Department%20Deletion%20Endpoint (exploit)
- https://codeastro.com/ (product)
Generated from the official CVE List on 29 Jun 2026 07:08 UTC.