CVE-2019-17604

Name of the Vulnerable Software and Affected Versions eyecomms eyeCMS versions prior to 2019-10-15

Description The issue allows any candidate to modify other candidates' personal information, including first name, last name, email, CV, phone number, and other details, by altering the id parameter. This is an Insecure Direct Object Reference (IDOR) vulnerability.

Recommendations For versions prior to 2019-10-15, as a temporary workaround, consider restricting access to the id parameter to prevent unauthorized changes to candidate information. Additionally, avoid using the id parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.