Vulnerabilities > Eyecomms

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-07	CVE-2019-17605	Authorization Bypass Through User-Controlled Key vulnerability in Eyecomms Eyecms 20191015 A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. network low complexity eyecomms CWE-639	8.8
2019-11-07	CVE-2019-17604	Authorization Bypass Through User-Controlled Key vulnerability in Eyecomms Eyecms 20191015 An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter). network low complexity eyecomms CWE-639	4.3

Vulnerabilities > Eyecomms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Eyecomms"}]}