Sohil Garg

**Name of the Vulnerable Software and Affected Versions** Newgen OmniDocs (affected versions not specified) **Description** The issue allows remote attackers to bypass intended access restrictions. This can be achieved through modifying the `FolderRights` parameter to the "doccab/doclist.jsp" endpoint, leading to arbitrary permission changes. Alternatively, modifying the `UserIndex` parameter to the "doccab/userprofile/editprofile.jsp" endpoint allows selecting the settings page of an arbitrary user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.