CVE-2019-17605
CVE-2019-17605
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
07 Nov 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →