Back to search
CVE-2019-17604
Published: Nov 7, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.eyecomms.com/Products/eyeCMS.html
x_refsource_MISC
https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now