CVE-2019-17604

EUVD-2019-7930
An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
eyecommseyecms
𝑥
≤ 2019-10-15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.eyecomms.com/Products/eyeCMS.html
https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5
http://www.eyecomms.com/Products/eyeCMS.html
https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5