A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-07T15:21:03
Updated: 2024-08-05T01:47:13.225Z
Reserved: 2019-10-15T00:00:00
Link: CVE-2019-17605
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-07T16:15:11.140
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-17605
Redhat
No data.