CVE-2020-35737

HIGH

Newgen eGov <12.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35737. PoCs published by ALI AL SINAN.

AI-analyzed exploit summary: The exploit describes an Insecure Direct Object Reference (IDOR) vulnerability in Newgen Correspondence Management System (corms) eGov 12.0, where the 'UserIndex' parameter can be manipulated to access or modify other users' personal information.

Description

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

Exploits (1)

exploitdb WRITEUP
by ALI AL SINAN · text · webapps · multiple
https://www.exploit-db.com/exploits/49378


Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Newgen Correspondence Management System (corms) eGov 12.0
Auth required
Prerequisites: Access to the personal settings page · Valid session or authentication
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49378

Scores

CVSS v3: 7.5
EPSS: 0.1031
EPSS Percentile: 95.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status: published
Products (1): newgensoft/egov 12.0
Published: Dec 30, 2020
Tracked Since: Feb 18, 2026