Back to search
CVE-2019-17605
Published: Nov 7, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.eyecomms.com/Products/eyeCMS.html
x_refsource_MISC
https://gist.github.com/AhMyth/6d9c5e15d943dd092ccca19fca8d5d37
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now