CVE-2020-35737

Published: Dec 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486

x_refsource_MISC

http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html

x_refsource_MISC

https://www.exploit-db.com/exploits/49378

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35737

Description

Affected Products

References