Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Humatrix offers you the most comprehensive Human Resource management solution to cover all of your HR needs in a single integrated, easy to configure & use system that is accessible 24×7 through the web and mobile. The modular nature of Humatrix solution allows you to personalize and roll out only the modules you need, when you need it, helping you to reduce complexity, improve usability and productivity. (Information from Humanica homepage)
[Suggested description]
The Recruitment module in Humanica Humatrix 7 and allows an unauthenticated attacker to access all
candidates' information remotely on the website by modifying "selApp" parameter
on resumeDetail.cfm.
This includes personal information and other sensitive data of the applicants.
[Additional Information]
Attack type
Disclose personal data on the application.
Affected component
Humanica 7 version, Recruitment module
Attack vector
We found that the product could be accessed directly to the page that contain personal data of candidates. This could be done easily if the
url is known and the authentication is not required, moreover all candidates' data could be enumerated by changing the running number of the variable (selApp).
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
[Affected Product Code Base]
Humanica 7 -,
[Affected Component]
Recruitment module
[Attack Type]
[Impact Information Disclosure]
[Attack Vectors]
To exploit vulnerability, an attacker needs to access to the vulnerable URL https://[target]/sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=[number]
Nuttakorn Dhiraprayudti
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment