Insecure Direct Object Reference in Newgen eGov 12.0's Correspondence Management System (CORMS) Allows Unauthorized Profile Modification
CVE-2020-35737 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
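The flaw described above and its fix, as an added example that is not Newgen's code: a hypothetical Python profile-update handler that first trusts the request's `UserIndex` and then checks it against the authenticated session. The `Session` class, the function names and the sample store are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class Forbidden(Exception):
    """The caller may not modify the requested profile."""


@dataclass
class Session:
    # Identity bound server-side at login; None means unauthenticated.
    user_index: Optional[int]
    is_admin: bool = False


def new_store():
    # Constructed sample data: UserIndex -> profile fields.
    return {101: {"name": "alice", "email": "alice@example.test"},
            102: {"name": "bob", "email": "bob@example.test"}}


def update_profile_vulnerable(store, session, params):
    # Flawed pattern: the target row comes straight from the request, so
    # whoever sends the request chooses whose profile is written.
    target = int(params["UserIndex"])
    store[target]["email"] = params["email"]
    return target


def update_profile_hardened(store, session, params):
    # 1. Require an authenticated session.
    if session is None or session.user_index is None:
        raise Forbidden("authentication required")
    # 2. Parse the client-supplied reference strictly; default to the caller.
    try:
        target = int(params.get("UserIndex", session.user_index))
    except (TypeError, ValueError):
        raise Forbidden("malformed UserIndex")
    # 3. Object-level authorization: owner or administrator only.
    if target != session.user_index and not session.is_admin:
        raise Forbidden("UserIndex does not belong to caller")
    if target not in store:
        raise Forbidden("unknown UserIndex")
    store[target]["email"] = params["email"]
    return target
```

The hardened handler performs the authorization check on every write, so a rejected request leaves the store unchanged.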