Search criteria
2 vulnerabilities by eyecomms
CVE-2019-17604 (GCVE-0-2019-17604)
Vulnerability from cvelistv5 – Published: 2019-11-07 15:24 – Updated: 2024-08-05 01:47
VLAI
Summary
An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.eyecomms.com/Products/eyeCMS.html | x_refsource_MISC |
| https://gist.github.com/AhMyth/b0f7e4b8244def8eb8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eyecomms.com/Products/eyeCMS.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates\u0027 personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T15:24:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eyecomms.com/Products/eyeCMS.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates\u0027 personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eyecomms.com/Products/eyeCMS.html",
"refsource": "MISC",
"url": "http://www.eyecomms.com/Products/eyeCMS.html"
},
{
"name": "https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5",
"refsource": "MISC",
"url": "https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17604",
"datePublished": "2019-11-07T15:24:34.000Z",
"dateReserved": "2019-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:13.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17605 (GCVE-0-2019-17605)
Vulnerability from cvelistv5 – Published: 2019-11-07 15:21 – Updated: 2024-08-05 01:47
VLAI
Summary
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.eyecomms.com/Products/eyeCMS.html | x_refsource_MISC |
| https://gist.github.com/AhMyth/6d9c5e15d943dd092c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eyecomms.com/Products/eyeCMS.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/AhMyth/6d9c5e15d943dd092ccca19fca8d5d37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate\u0027s account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T15:21:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eyecomms.com/Products/eyeCMS.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/AhMyth/6d9c5e15d943dd092ccca19fca8d5d37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate\u0027s account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eyecomms.com/Products/eyeCMS.html",
"refsource": "MISC",
"url": "http://www.eyecomms.com/Products/eyeCMS.html"
},
{
"name": "https://gist.github.com/AhMyth/6d9c5e15d943dd092ccca19fca8d5d37",
"refsource": "MISC",
"url": "https://gist.github.com/AhMyth/6d9c5e15d943dd092ccca19fca8d5d37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17605",
"datePublished": "2019-11-07T15:21:03.000Z",
"dateReserved": "2019-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:13.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}