exploitDog

CVE-2019-17604

Опубликовано: 07 нояб. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).

Ссылки

http://www.eyecomms.com/Products/eyeCMS.html
Product
Vendor Advisory
https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5
Exploit
Third Party Advisory
http://www.eyecomms.com/Products/eyeCMS.html
Product
Vendor Advisory
https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eyecomms:eyecms:*:*:*:*:*:*:*:*

Версия до 2019-10-15 (включая)

EPSS

Процентиль: 45%

0.00229

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-c2j6-8832-j4m5

github

больше 3 лет назад

An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).

EPSS

Процентиль: 45%

0.00229

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639