PT-2019-13874 · Humanica · Humatrix

Nuttakorn Dhiraprayudti · Published 2019-08-12 · Updated 2021-07-21 · CVE-2019-14932

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Humanica Humatrix versions 1.0.0.681 and 1.0.0.203

Description: The issue allows remote attackers to access sensitive data, including personal information, by modifying the selApp variable to reach the "personalData/resumeDetail.cfm" endpoint. This affects the Recruitment module and potentially exposes the information of all candidates on the website.

Recommendations: For version 1.0.0.681, restrict access to the "personalData/resumeDetail.cfm" endpoint to minimize the risk of exploitation. For version 1.0.0.203, avoid using the modified selApp variable in the Recruitment module until the issue is resolved. As a temporary workaround, consider disabling access to the Recruitment module until a fix is available.

Tags: Exploit · Fix · IDOR


Weakness Enumeration: IDOR

Related Identifiers: CVE-2019-14932

Affected Products: Humatrix