Created
August 12, 2019 09:36
CVE-2019-14932
[Description]
Humatrix offers you the most comprehensive Human Resource management solution to cover all of your HR needs in a single integrated, easy to configure & use system that is accessible 24×7 through the web and mobile. The modular nature of Humatrix solution allows you to personalize and roll out only the modules you need, when you need it, helping you to reduce complexity, improve usability and productivity. (Information from Humanica homepage)
[Suggested description]
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows an unauthenticated attacker to access all candidates' information remotely on the website by modifying the "selApp" parameter on resumeDetail.cfm. This includes personal information and other sensitive data of the applicants.
------------------------------------------
[Additional Information]
Attack type
Remote
Impact
Disclose personal data on the application.
Affected component
Humanica 7 version 1.0.0.681, 1.0.0.203 Recruitment module
Attack vector
We found that the page in the product that contains candidates' personal data could be accessed directly. This could be done easily if the URL is known, as authentication is not required; moreover, all candidates' data could be enumerated by changing the running number of the variable (selApp).
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Humanica
------------------------------------------
[Affected Product Code Base]
Humanica 7 - 1.0.0.681, 1.0.0.203
------------------------------------------
[Affected Component]
Recruitment module
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, an attacker needs to access the vulnerable URL https://[target]/sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=[number]
------------------------------------------
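As an added defender-side example (not part of this advisory or of the Humanica product), the following Python script scans web-server access logs for the enumeration pattern described above: one client fetching many distinct selApp values from resumeDetail.cfm. It assumes Apache/nginx combined log format; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Combined log format (Apache/nginx) is an assumption; only needed fields are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
# Path taken from the advisory's attack vector.
VULN_PATH = "/sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm"

def parse_hit(line):
    """Return (client_ip, selApp, status) for a resumeDetail.cfm request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    if url.path != VULN_PATH:
        return None
    sel = parse_qs(url.query).get("selApp", [None])[0]
    return m.group("ip"), sel, int(m.group("status"))

def find_enumeration(lines, threshold=5):
    """Map client IP -> sorted distinct selApp values served with HTTP 200, keeping
    only clients at or above `threshold` (an applicant views one record; a sweep views many)."""
    seen = defaultdict(set)
    for line in lines:
        hit = parse_hit(line)
        if hit is None:
            continue
        ip, sel, status = hit
        if sel is not None and status == 200:
            seen[ip].add(sel)
    return {ip: sorted(v) for ip, v in seen.items() if len(v) >= threshold}

# Constructed sample log: one client sweeping selApp=1001..1006, one applicant
# viewing a single record, and an unrelated login page hit.
_FMT = '{ip} - - [12/Aug/2019:09:36:{s:02d} +0700] "GET {path} HTTP/1.1" 200 5120 "-" "{ua}"'
SAMPLE_LOG = [_FMT.format(ip="203.0.113.7", s=i, path=f"{VULN_PATH}?selApp={1000 + i}",
                          ua="curl/7.64.1") for i in range(1, 7)]
SAMPLE_LOG.append(_FMT.format(ip="198.51.100.5", s=30, path=f"{VULN_PATH}?selApp=2042",
                              ua="Mozilla/5.0"))
SAMPLE_LOG.append(_FMT.format(ip="198.51.100.5", s=31, ua="Mozilla/5.0",
                              path="/sunfish5/ehrm/humanica/recruitment_online/login.cfm"))

if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"possible selApp enumeration from {ip}: {len(ids)} records ({ids[0]}..{ids[-1]})")
```

The threshold is a starting point; on a real deployment it should be tuned against the volume of legitimate applicant traffic, and the same logic can be keyed on session identifier instead of client IP where the server logs one.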
[Reference]
https://www.humatrix7.com/sunfish5/ehrm/humanica/recruitment_online/login.cfm
------------------------------------------
[Discoverer]
Nuttakorn Dhiraprayudti