Newgen Correspondence Management System (corms) eGov 12.0 – IDOR

• Exploit Database
• 34 阅读

• 作者： ALI AL SINAN
  日期： 2021-01-06
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49378/

• # Exploit Title: Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
  # Date: 29 Dec 2020
  # Exploit Author: ALI AL SINAN
  # Vendor Homepage: https://newgensoft.com
  # Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/
  # Version: eGov 12.0
  # Tested on: JBoss EAP 7
  # CVE : CVE-2020-35737
  -----------------------------------------------------
  
  Description:
  
  Correspondence management is the process of handling official incoming and outgoing correspondence in government agencies. The word “correspondence” in this context refers to physical letters, direct e-delivery, emails and faxes along with all their attachments that are received by the government agencies.
  
  -----------------------------------------------------
  
  Vulnerability:
  
  Affected URL:
  http://server/corms/dist/#/web/home/workdesk/inbox
  
  Vulnerability Description:
  user can manipulate parameter “UserIndex” in personal setting page. this parameter can allow un-authorized access to view or change other user's personal information.