eyecomms eyeCMS Incorrect Authorization Vulnerability

Summary

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate’s account via a modified candidate id and an additional password parameter.

Credit:

The information has been provided by Vendor 

The original article can be found at: http://www.eyecomms.com/Products/eyeCMS.html


Details

The outcome is that the password of this other candidate is changed.
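
An added illustration of the flaw class described above, not eyeCMS code: a generic profile-update handler that binds every request parameter, next to a version that takes the target record from the authenticated session and allowlists the editable fields. All function names, field names and the in-memory records are constructed for this example.

```python
# Constructed in-memory records standing in for a candidate table (not eyeCMS data).
def new_store():
    return {
        1: {"id": 1, "name": "Alice", "phone": "111", "password": "alice-secret"},
        2: {"id": 2, "name": "Bob", "phone": "222", "password": "bob-secret"},
    }


def update_profile_vulnerable(store, session_candidate_id, params):
    """Mass assignment: the request names the target record and every
    submitted field is bound to it, including 'password'."""
    record = store[int(params["id"])]      # target chosen by the request, not the session
    for key, value in params.items():
        if key != "id":
            record[key] = value            # binds any field the client sends
    return record


EDITABLE_FIELDS = {"name", "phone"}        # explicit allowlist for this form (assumed fields)


class Rejected(Exception):
    """Raised when a request fails the authorization or allowlist check."""


def update_profile_hardened(store, session_candidate_id, params):
    """The target record comes from the session; only allowlisted fields are
    bound; a mismatched id or an unexpected parameter rejects the request."""
    submitted_id = params.get("id")
    if submitted_id is not None and str(submitted_id) != str(session_candidate_id):
        raise Rejected("candidate id does not match session")
    unexpected = set(params) - EDITABLE_FIELDS - {"id"}
    if unexpected:
        raise Rejected("unexpected fields: " + ", ".join(sorted(unexpected)))
    record = store[session_candidate_id]
    for key in EDITABLE_FIELDS & set(params):
        record[key] = params[key]
    return record
```

Rejections raised by the hardened handler are worth logging with the session id, since a mismatched candidate id or a stray password field on a profile form is a useful detection signal.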

Vulnerable Systems:

eyecomms eyeCMS 

CVE Information:

CVE-2019-17605

Disclosure Timeline:

Published Date: 11/7/2019