Description
An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
http://www.eyecomms.com/Products/eyeCMS.html
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5
Scores
CVSS v3
4.3
EPSS
0.0022
EPSS Percentile
44.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-639
Status
published
Products (1)
eyecomms/eyecms
< 2019-10-15
Published
Nov 07, 2019
Tracked Since
Feb 18, 2026