CVE-2020-35737

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt