{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T01:53:47.436","vulnerabilities":[{"cve":{"id":"CVE-2019-17604","sourceIdentifier":"cve@mitre.org","published":"2019-11-07T16:15:11.077","lastModified":"2024-11-21T04:32:37.507","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter)."},{"lang":"es","value":"Una vulnerabilidad de tipo Insecure Direct Object Reference (IDOR) en eyecomms eyeCMS hasta el  15-10-2019, permite a cualquier candidato cambiar la información personal de otros candidatos (nombre, apellido, correo electrónico, CV, número de teléfono y toda otra información personal) mediante el cambio de valor del id del candidato (el parámetro id)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eyecomms:eyecms:*:*:*:*:*:*:*:*","versionEndIncluding":"2019-10-15","matchCriteriaId":"346D52A7-F1C4-4D5C-BEB0-24A2C1E8B52B"}]}]}],"references":[{"url":"http://www.eyecomms.com/Products/eyeCMS.html","source":"cve@mitre.org","tags":["Product","Vendor Advisory"]},{"url":"https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.eyecomms.com/Products/eyeCMS.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Vendor Advisory"]},{"url":"https://gist.github.com/AhMyth/b0f7e4b8244def8eb8d7d8c61fa6d4e5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}