@donut117
Created August 12, 2019 09:36
CVE-2019-14932
[Description]
Humatrix offers you the most comprehensive Human Resource management solution to cover all of your HR needs in a single integrated, easy to configure & use system that is accessible 24×7 through the web and mobile. The modular nature of Humatrix solution allows you to personalize and roll out only the modules you need, when you need it, helping you to reduce complexity, improve usability and productivity. (Information from Humanica homepage)
[Suggested description]
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows an unauthenticated attacker to access all candidates' information remotely on the website by modifying the "selApp" parameter on resumeDetail.cfm.
This includes personal information and other sensitive data of the applicants.
------------------------------------------
[Additional Information]
Attack type
Remote
Impact
Disclosure of candidates' personal data held by the application.
Affected component
Humanica 7 version 1.0.0.681, 1.0.0.203 Recruitment module
Attack vector
We found that the page containing candidates' personal data could be accessed directly. This is easy to do once the URL is known, because no authentication is required; moreover, all candidates' data can be enumerated by changing the running number in the selApp variable.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Humanica
------------------------------------------
[Affected Product Code Base]
Humanica 7 - 1.0.0.681, 1.0.0.203
------------------------------------------
[Affected Component]
Recruitment module
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
To exploit this vulnerability, an attacker only needs to access the vulnerable URL https://[target]/sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=[number]
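Added detection example, not part of the advisory: a small Python script that scans web-server access logs for the pattern described in the Attack vector sections above, unauthenticated HTTP 200 responses from resumeDetail.cfm across several distinct selApp values from one client. The log format, the sample lines and the use of the ColdFusion CFID cookie as the session marker are assumptions made for this example; only the path and parameter name come from the advisory.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Path and parameter named in the advisory; everything else here is an added example.
VULN_PATH = "/sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm"
ID_PARAM = "selApp"

# Constructed sample log lines in an assumed custom format:
#   client_ip method request_target status cookie_header ("-" when no cookie was sent)
# CFID= is assumed as the session-cookie marker; adjust to the real deployment.
SAMPLE_LOG = """\
198.51.100.7 GET /sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=1201 200 CFID=42;CFTOKEN=abc
203.0.113.5 GET /sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=1001 200 -
203.0.113.5 GET /sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=1002 200 -
203.0.113.5 GET /sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=1003 200 -
203.0.113.5 GET /sunfish5/ehrm/humanica/recruitment_online/personalData/resumeDetail.cfm?selApp=1004 200 -
203.0.113.5 GET /sunfish5/ehrm/humanica/recruitment_online/login.cfm 200 -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")

def parse_line(line):
    """Split one log line into fields; returns None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target, status, cookie = m.groups()
    url = urlparse(target)
    ids = parse_qs(url.query).get(ID_PARAM, [])
    return {"ip": ip, "path": url.path, "status": int(status),
            "sel_app": int(ids[0]) if ids and ids[0].isdigit() else None,
            "authenticated": "CFID=" in cookie}

def consecutive_run(ids):
    """Length of the longest run of consecutive integers in a sorted id list."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_enumeration(log_text, min_hits=3):
    """Return {ip: sorted selApp ids} for clients that received HTTP 200 from
    resumeDetail.cfm for at least min_hits distinct ids without a session cookie."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["path"] != VULN_PATH or rec["sel_app"] is None:
            continue
        if rec["status"] == 200 and not rec["authenticated"]:
            hits[rec["ip"]].add(rec["sel_app"])
    return {ip: sorted(ids) for ip, ids in hits.items() if len(ids) >= min_hits}

if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {len(ids)} records read without a session, "
              f"longest consecutive selApp run {consecutive_run(ids)}")
```

Any single unauthenticated 200 on this path is already a finding for the access-control bug itself; the threshold only separates a sweep from a one-off hit.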
------------------------------------------
[Reference]
https://www.humatrix7.com/sunfish5/ehrm/humanica/recruitment_online/login.cfm
------------------------------------------
[Discoverer]
Nuttakorn Dhiraprayudti