RSS   Vulnerabilities for 'Eyecms'   RSS

2019-11-07
 
CVE-2019-17605

CWE-863
 

 
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.

 
 
CVE-2019-17604

CWE-20
 

 
An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).

 


Copyright 2024, cxsecurity.com

 

Back to Top