Newgen Correspondence Management System eGov 12.0 Insecure Direct Object Reference

Newgen Correspondence Management System (corms) eGov version 12.0 suffers from an insecure direct object reference vulnerability.

MD5 | bbc08f228aff63db79a074191ab587d5

# Exploit Title: Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
# Date: 29 Dec 2020
# Exploit Author: ALI AL SINAN
# Vendor Homepage:
# Software Link:
# Version: eGov 12.0
# Tested on: JBoss EAP 7
# CVE : CVE-2020-35737


Correspondence management is the process of handling official incoming and outgoing correspondence in government agencies. The word “correspondence” in this context refers to physical letters, direct e-delivery, emails and faxes along with all their attachments that are received by the government agencies.



Affected URL:

Vulnerability Description:
user can manipulate parameter “UserIndex” in personal setting page. this parameter can allow un-authorized access to view or change other user's personal information.

Related Posts