In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
https://www.exploit-db.com/exploits/49378
https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486