Humanica · Humatrix · CVE-2019-14932
**Name of the Vulnerable Software and Affected Versions**
Humanica Humatrix versions 1.0.0.681 and 1.0.0.203
**Description**
The issue allows remote attackers to access sensitive data, including personal information, by modifying the `selApp` variable to access the "personalData/resumeDetail.cfm" endpoint. This affects the Recruitment module, potentially exposing all candidates' information on the website.
**Recommendations**
For version 1.0.0.681, restrict access to the "personalData/resumeDetail.cfm" endpoint to minimize the risk of exploitation.
For version 1.0.0.203, avoid using the modified `selApp` variable in the Recruitment module until the issue is resolved.
As a temporary workaround, consider disabling access to the Recruitment module until a fix is available.
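While access restrictions are being put in place, web server logs can show whether the endpoint has already been walked. The following is an added example, not part of the original advisory or the vendor's code: it flags clients that request "personalData/resumeDetail.cfm" with many different `selApp` values. It assumes Combined Log Format, that `selApp` is sent in the query string, and a hypothetical threshold of three distinct values.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "personaldata/resumedetail.cfm"  # path from the advisory, lower-cased
PARAM = "selapp"   # assumption: selApp is sent as a query-string parameter
THRESHOLD = 3      # assumption: distinct selApp values per client before flagging

# Combined Log Format: client IP first, then the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Aug/2019:10:00:01 +0000] "GET /personalData/resumeDetail.cfm?selApp=1001 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Aug/2019:10:00:02 +0000] "GET /personalData/resumeDetail.cfm?selApp=1002 HTTP/1.1" 200 4988
198.51.100.7 - - [01/Aug/2019:10:00:03 +0000] "GET /PERSONALDATA/resumedetail.cfm?SELAPP=1003 HTTP/1.1" 200 5301
198.51.100.7 - - [01/Aug/2019:10:00:04 +0000] "GET /personalData/resumeDetail.cfm?selApp=1004 HTTP/1.1" 200 5077
203.0.113.20 - - [01/Aug/2019:10:05:00 +0000] "GET /personalData/resumeDetail.cfm?selApp=2001 HTTP/1.1" 200 5120
203.0.113.20 - - [01/Aug/2019:10:05:09 +0000] "GET /personalData/resumeDetail.cfm?selApp=2001 HTTP/1.1" 200 5120
203.0.113.20 - - [01/Aug/2019:10:06:00 +0000] "GET /index.cfm HTTP/1.1" 200 900
"""


def find_enumerators(log_text, threshold=THRESHOLD):
    """Return {client_ip: sorted selApp values} for clients that requested
    the resume endpoint with at least `threshold` distinct selApp values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a parsable access-log line
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(ENDPOINT):
            continue
        # Normalise parameter names: match selApp in any letter case.
        for name, values in parse_qs(url.query).items():
            if name.lower() == PARAM:
                seen[client].update(values)
    return {ip: sorted(vals) for ip, vals in seen.items() if len(vals) >= threshold}


if __name__ == "__main__":
    for ip, values in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {len(values)} distinct selApp values: {', '.join(values)}")
```

A client that views one record repeatedly is not flagged; only the number of distinct `selApp` values per client counts toward the threshold.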