Hrsale · Hrsale · CVE-2020-37145
**Name of the Vulnerable Software and Affected Versions**
HRSALE version 1.1.8
**Description**
HRSALE version 1.1.8 is vulnerable to cross-site request forgery (CSRF) in its employee registration form, which allows attackers to add unauthorized administrative users. An attacker can create a malicious HTML page containing hidden form fields that deceives an authenticated administrator into creating new user accounts with elevated privileges.
**Recommendations**
HRSALE version 1.1.8 should be updated to a fixed version when available.
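
The server-side check that rejects the forged form submission described above is shown here as an added example; it is not HRSALE code. The host name, URL path, field names and function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin (constructed host name).
TRUSTED_ORIGIN = "https://hr.example.test"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(url: str) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def check_request(method, headers, form, session_token):
    """Return (allowed, reason) for one incoming request."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # 1. Source check: Origin header, falling back to Referer.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "no Origin or Referer header"
    if _origin_of(source) != TRUSTED_ORIGIN:
        return False, "cross-origin submission"
    # 2. Synchronizer token: hidden fields on a third-party page cannot
    #    carry it, because that page cannot read the admin's session.
    supplied = form.get("csrf_token", "")
    valid = bool(session_token) and hmac.compare_digest(
        supplied.encode(), session_token.encode())
    if not valid:
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SESSION_TOKEN = secrets.token_urlsafe(32)  # unpredictable per-session value
LEGITIMATE = ("POST", {"Origin": TRUSTED_ORIGIN},
              {"username": "new.employee", "role": "employee",
               "csrf_token": SESSION_TOKEN})
FORGED = ("POST", {"Origin": "https://attacker.example.test"},
          {"username": "intruder", "role": "admin"})
SAME_SITE_NO_TOKEN = ("POST", {"Referer": TRUSTED_ORIGIN + "/employees/add"},
                      {"username": "x", "role": "admin"})

if __name__ == "__main__":
    for req in (LEGITIMATE, FORGED, SAME_SITE_NO_TOKEN):
        print(req[2]["username"], check_request(*req, SESSION_TOKEN))
```

The token comparison is constant-time, and a request with neither `Origin` nor `Referer` is refused rather than trusted.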