Ali Al Sinan

**Name of the Vulnerable Software and Affected Versions** Newgen eGov version 12.0 **Description** The issue allows an attacker to modify other users' profile information by manipulating the unvalidated `UserIndex` parameter, which is an example of an Insecure Direct Object Reference. This means that an attacker can access and alter sensitive information of other users without proper authorization. **Recommendations** For Newgen eGov version 12.0, consider restricting access to the `UserIndex` parameter to prevent unauthorized modifications to user profiles. As a temporary workaround, restrict the ability to modify other users' profile information until a proper validation mechanism for the `UserIndex` parameter is implemented.