CVE Details
Basic Information
| Title | Intera InHire server-side request forgery |
|---|---|
| Type | cve |
| Published | 2025-06-16T22:00:19.298Z |
| Last Seen |
Product Information
| Vendor | Intera |
|---|---|
| Product | InHire |
| Version | 20250530 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A server-side request forgery vulnerability in Intera InHire up to version 20250530 allows remote attackers to exploit the system by manipulating a specific argument. This vulnerability is considered critical and has been publicly disclosed. The vendor has not responded to the disclosure. |
|---|---|
| AI Severity | Medium |
| Vendor | Intera |
| Product | Intera InHire |
| Affected Version | 20250530 |
Affected Products
- Intera InHire 20250530
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-918 |
| Bulletin Family |
References
Description
A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.