3456 matches found

Patchstack · added 2024/12/24 10:14 p.m. · 4 views

WordPress WooCommerce Point of Sale plugin <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability

Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability discovered by Tonn in WordPress Plugin WooCommerce Point of Sale versions <= 6.1.0...

CVSS 9.8 · AI score 7 · EPSS 0.01484
Exploits 0 · References 1 · Affected Software 1

OSV · added 2024/12/20 6:31 p.m. · 6 views

GHSA-2HR5-CVWP-JR5W Oqtane Framework Insecure Direct Object Reference vulnerability

An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...

CVSS 5.3 · AI score 4.4 · EPSS 0.00274
Exploits 0 · References 4

Github Security Blog · added 2024/12/20 6:31 p.m. · 13 views

Oqtane Framework Insecure Direct Object Reference vulnerability

An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...

CVSS 4.3 · AI score 6.5 · EPSS 0.00274
Exploits 0 · References 4 · Affected Software 4

Github Security Blog · added 2024/12/20 6:31 p.m. · 15 views

Oqtane Framework Insecure Direct Object Reference vulnerability

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...

CVSS 6.5 · AI score 6.3 · EPSS 0.0034
Exploits 0 · References 4 · Affected Software 2

OSV · added 2024/12/20 6:31 p.m. · 10 views

GHSA-HHCW-WWXV-G95C Oqtane Framework Insecure Direct Object Reference vulnerability

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...

CVSS 6.5 · AI score 6.2 · EPSS 0.0034
Exploits 0 · References 4

OSV · added 2024/12/20 4:15 p.m. · 8 views

CVE-2024-55471

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...

CVSS 6.5 · AI score 5.8 · EPSS 0.0034
Exploits 0 · References 2

NVD · added 2024/12/20 4:15 p.m. · 18 views

CVE-2024-55186

An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...

CVSS 4.3 · EPSS 0.00274
Exploits 0 · References 2

OSV · added 2024/12/20 4:15 p.m. · 4 views

CVE-2024-55186

An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...

CVSS 4.3 · AI score 5.8 · EPSS 0.00274
Exploits 0 · References 2

NVD · added 2024/12/20 1:15 p.m. · 11 views

CVE-2024-12014

Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...

CVSS 2 · EPSS 0.00341
Exploits 0 · References 1

Cvelist · added 2024/12/20 12:58 p.m. · 18 views

CVE-2024-12014 Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access

Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...

CVSS 2 · EPSS 0.00341
Exploits 0 · References 1

Vulnrichment · added 2024/12/20 12:58 p.m. · 8 views

CVE-2024-12014 Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access

Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...

CVSS 2 · AI score 7.6 · EPSS 0.00341
Exploits 0 · References 1

CVE · added 2024/12/20 12:58 p.m. · 48 views

CVE-2024-12014

Summary: CVE-2024-12014 describes a path traversal and insecure direct object reference (IDOR) vulnerability in the eSignaViewer component of the eSigna product (versions 1.0–1.5) that allows an unauthenticated attacker to access arbitrary files in the document system by manipulating file paths a...

CVSS 2 · AI score 7.6 · EPSS 0.00341
Exploits 0 · References 1

Cvelist · added 2024/12/20 12:00 a.m. · 16 views

CVE-2024-55471

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...

EPSS 0.0034
Exploits 0 · References 2

CVE · added 2024/12/20 12:00 a.m. · 47 views

CVE-2024-55471

Summary: CVE-2024-55471 affects Oqtane Framework via Insecure Direct Object Reference in Oqtane.Controllers.UserController, enabling unauthorized access to other users’ data by tampering with the id parameter. Affected information includes guidance across multiple sources; remediation is to upgrade to...

CVSS 6.5 · AI score 6.4 · EPSS 0.0034
Exploits 0 · References 2

Vulnrichment · added 2024/12/20 12:00 a.m. · 6 views

CVE-2024-55471

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...

AI score 6.4 · EPSS 0.0034
Exploits 0 · References 2

Vulnrichment · added 2024/12/20 12:00 a.m. · 8 views

CVE-2024-55186

An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...

AI score 4.5 · EPSS 0.00274
Exploits 0 · References 2

Positive Technologies · added 2024/12/20 12:00 a.m. · 6 views

PT-2024-36526 · Unknown · Oqtane Framework

Name of the Vulnerable Software and Affected Versions: Oqtane Framework (affected versions not specified). Description: The issue is related to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController, allowing unauthorized users to access sensitive information of other users by...

CVSS 6.5 · AI score 6.7 · EPSS 0.0034
Exploits 0 · References 8

CNNVD · added 2024/12/18 12:00 a.m. · 8 views

PHPGurukul Online Notes Sharing Management System security vulnerability

PHPGurukul Online Notes Sharing Management System is an online notes sharing management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Online Notes Sharing Management System v1.0, which stems from a lack of authorization checking and an IDOR vulnerability that allows...

CVSS 4.3 · AI score 6.7 · EPSS 0.00324
Exploits 1 · References 1

CNNVD · added 2024/12/18 12:00 a.m. · 3 views

CodeAstro Complaint Management System security vulnerability

CodeAstro Complaint Management System is a complaint management system from CodeAstro. A security vulnerability exists in CodeAstro Complaint Management System v1.0, which stems from an IDOR vulnerability that can be exploited to execute arbitrary code and obtain sensitive information by modifyin...

CVSS 8.8 · AI score 7.3 · EPSS 0.00684
Exploits 1 · References 1

OSV · added 2024/12/17 9:15 p.m. · 3 views

CVE-2024-55058

An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the...

CVSS 4.3 · AI score 5.8 · EPSS 0.00229
Exploits 1 · References 1