Remote Access to Candidates' Personal Information in Humanica Humatrix 7 Recruitment Module

Remote Access to Candidates' Personal Information in Humanica Humatrix 7 Recruitment Module

CVE-2019-14932 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.

Learn more about our Web App Pen Testing.