PT-2019-14514 · Humanica · Humanica Humatrix
Published 2019-09-10 · Updated 2019-09-11 · CVE-2019-16106
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Humanica Humatrix versions 1.0.0.203 through 1.0.0.681
Description
The issue affects the Recruitment module, allowing an unauthenticated attacker to change the password of any user. This is achieved through the recruitment online/personalData/act acounttab.cfm endpoint, utilizing the txtNewUserName and hdNP fields.
Recommendations
For Humanica Humatrix versions 1.0.0.203 through 1.0.0.681, consider restricting access to the recruitment online/personalData/act acounttab.cfm endpoint until a fix is available. As a temporary workaround, avoid using the txtNewUserName and hdNP fields in this endpoint to minimize the risk of exploitation.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Humanica Humatrix
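The interim restriction described under Recommendations, as an added example that is not part of this advisory or of Humanica's software: a request classifier that a reverse proxy or WAF hook could apply as a virtual patch, blocking unauthenticated requests to the endpoint that carry the txtNewUserName or hdNP fields and flagging authenticated ones for audit. The endpoint path is matched as printed in this advisory, and treating "_", a space and "%20" as the same separator is an assumption of this example; the request dict shape is also assumed.

```python
"""Virtual-patch check for the Humatrix recruitment password-change endpoint.

Constructed example for this advisory, not Humanica's code. A request is
modelled as a dict with 'path', 'method', 'form' (parsed body fields) and
'authenticated' (set by the front end once a session has been validated).
"""
from urllib.parse import unquote

# Endpoint tail as printed in the advisory, lower-cased; '_' and '%20' in
# real URLs are folded to a space in _normalise() so either spelling matches.
ENDPOINT_TAIL = ("recruitment online", "personaldata", "act acounttab.cfm")
# Form fields the advisory names as the vector for the password change.
SENSITIVE_FIELDS = {"txtNewUserName", "hdNP"}


def _normalise(path: str) -> list:
    """Decode %xx, strip the query string, fold case, map '_' to ' '."""
    path = unquote(path.split("?", 1)[0]).lower().replace("_", " ")
    return [seg for seg in path.split("/") if seg]


def targets_endpoint(path: str) -> bool:
    """True when the request path ends in the affected endpoint."""
    segs = _normalise(path)
    return len(segs) >= 3 and tuple(segs[-3:]) == ENDPOINT_TAIL


def classify(request: dict) -> str:
    """Return 'block', 'review' or 'allow' for a single request."""
    if not targets_endpoint(request.get("path", "")):
        return "allow"
    fields = set(request.get("form") or {})
    uses_sensitive = bool(fields & SENSITIVE_FIELDS)
    if uses_sensitive and not request.get("authenticated", False):
        return "block"    # unauthenticated password/username change attempt
    if uses_sensitive:
        return "review"   # authenticated; still worth an audit-log entry
    return "allow"        # endpoint hit without the sensitive fields
```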