CVE-2019-17605

Name of the Vulnerable Software and Affected Versions eyecomms eyeCMS versions prior to 2019-10-15

Description A mass assignment issue allows any candidate to take over another candidate's account by exploiting a modified candidate id and an additional password parameter, resulting in the password of the targeted candidate being changed.

Recommendations For versions prior to 2019-10-15, consider restricting access to the account management functionality to prevent exploitation until a fix is available. Avoid using the password parameter in conjunction with a modified candidate id to minimize the risk of account takeover.