CVE-2020-35737

EUVD-2020-23393
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
newgensoftegov
12.0
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html
https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
https://www.exploit-db.com/exploits/49378
http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html
https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
https://www.exploit-db.com/exploits/49378