CVE-2020-35737 - Unspecified vulnerability in Newgensoft Egov 12.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html
- https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
- https://www.exploit-db.com/exploits/49378