1.0.0.681

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

humanica

CWE-639

NVD

Published: 2019-08-12

Updated: 2021-07-21

Summary

The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.

Vulnerable Configurations

Part	Description	Count
Application	Humanica Humanica Humatrix 7 1.0.0.203 Humanica Humatrix 7 1.0.0.681	2

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://gist.github.com/donut117/1ddbb8290a1186502da81b46a5d53c63