7 matches found
Newgen Correspondence Management System eGov 12.0 Insecure Direct Object Reference
Exploit Title: Newgen Correspondence Management System corms eGov 12.0 - IDOR Date: 29 Dec 2020 Exploit Author: ALI AL SINAN Vendor Homepage: https://newgensoft.com Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/ Version: eGov 12.0 Tested on: JBoss EAP 7 CVE :...
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
Exploit Title: Newgen Correspondence Management System corms eGov 12.0 - IDOR Date: 29 Dec 2020 Exploit Author: ALI AL SINAN Vendor Homepage: https://newgensoft.com Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/ Version: eGov 12.0 Tested on: JBoss EAP 7 CVE :...
CVE-2020-35737
In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
Design/Logic Flaw
In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
CVE-2020-35737
CVE-2020-35737 affects Newgen eGov 12.0, specifically the Correspondence Management System (corms). The vulnerability is an Insecure Direct Object Reference caused by an unvalidated UserIndex parameter in the personal settings page, allowing an attacker to modify other users’ profile information....
CVE-2020-35737
In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
Newgen Egov Correspondence Management System Security Breach
Newgen Egov Correspondence Management System is a correspondence management software for office environments from Newgen USA. A security vulnerability exists in Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...