CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference IDOR in the "Account Password Reset" functionality...

CVE-2019-17604

An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...

CVE-2019-13461

In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...

GHSA-CVGC-MX2W-H3W8 The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...

reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference

Insecure Direct Object Reference in the reintdownloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction...

The femanager TYPO3 extension allows Insecure Direct Object Reference

Insecure Direct Object Reference IDOR in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...

GHSA-XXWR-WV9G-7JW3 The femanager TYPO3 extension allows Insecure Direct Object Reference

Insecure Direct Object Reference IDOR in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVE-2025-20114

CVE-2025-20114 concerns Cisco Unified Intelligence Center API security. The published entries indicate an authenticated, remote attacker could exploit insufficient validation of user-supplied API parameters to perform an insecure direct object reference (IDOR) attack, enabling horizontal privileg...

CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVE-2025-48207

The reintdownloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference...

CVE-2025-48202

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference...

CVE-2025-48205

The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference...

CVE-2025-48202

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference...

TYPO3 femanager 安全漏洞

TYPO3 femanager is a TYPO3 extension to the TYPO3 open source. A security vulnerability exists in TYPO3 femanager version 8.2.1 and earlier, which stems from the presence of an unsafe direct object reference...

CVE-2025-48205

The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference...

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.8 and earlier, which stems from the presence of an unsafe direct object reference...