CVE-2019-17604

{"id": "CVE-2019-17604", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-11-07T16:15:11.077", "references": [{"url": "http://www.eyecomms.com/Products/eyeCMS.html", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.eyecomms.com/Products/eyeCMS.html", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter)."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Insecure Direct Object Reference (IDOR) en eyecomms eyeCMS hasta el 15-10-2019, permite a cualquier candidato cambiar la informaci\u00f3n personal de otros candidatos (nombre, apellido, correo electr\u00f3nico, CV, n\u00famero de tel\u00e9fono y toda otra informaci\u00f3n personal) mediante el cambio de valor del id del candidato (el par\u00e1metro id)."}], "lastModified": "2024-11-21T04:32:37.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eyecomms:eyecms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "346D52A7-F1C4-4D5C-BEB0-24A2C1E8B52B", "versionEndIncluding": "2019-10-15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}