CVE-2020-35737

HIGH

Newgen eGov <12.0 - Info Disclosure

Title source: llm

Description

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

Exploits (1)

exploitdb WRITEUP
by ALI AL SINAN · text · webapps · multiple
https://www.exploit-db.com/exploits/49378

Scores

CVSS v3 7.5
EPSS 0.1084
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
newgensoft/egov 12.0
Published Dec 30, 2020
Tracked Since Feb 18, 2026