Exploit for Newgen Correspondence Management System eGov 12.0 Insecure Direct Object Reference CVE-2020-35737

Name: Exploit for Newgen Correspondence Management System eGov 12.0 Insecure Direct Object Reference CVE-2020-35737
Rating: 5 (168 reviews)

2021-01-06 | CVSS 5.0

## https://sploitus.com/exploit?id=PACKETSTORM:160826
# Exploit Title: Newgen Correspondence Management System (corms) eGov 12.0 - IDOR  
# Date: 29 Dec 2020  
# Exploit Author: ALI AL SINAN  
# Vendor Homepage: https://newgensoft.com  
# Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/  
# Version: eGov 12.0  
# Tested on: JBoss EAP 7  
# CVE : CVE-2020-35737  
-----------------------------------------------------  
  
Description:  
  
Correspondence management is the process of handling official incoming and outgoing correspondence in government agencies. The word “correspondence” in this context refers to physical letters, direct e-delivery, emails and faxes along with all their attachments that are received by the government agencies.  
  
-----------------------------------------------------  
  
Vulnerability:  
  
Affected URL:  
http://server/corms/dist/#/web/home/workdesk/inbox  
  
Vulnerability Description:  
user can manipulate parameter “UserIndex” in personal setting page. this parameter can allow un-authorized access to view or change other user's personal information.