Sunshine Photo Cart < 3.0 - Insecure Direct Object Reference to Order Manipulation

Description The Sunshine Photo Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.9.25 due to missing validation on a user-controlled key. This can allow unauthenticated attackers to manipulate orders that do not belong to them...

CVE-2023-38884

An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

CVE-2023-38884

An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

CVE-2023-38884

An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

Design/Logic Flaw

An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-009...

Open Solutions For Education openSIS Security Vulnerability

Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, USA. A security vulnerability exists in Open Solutions For Education openSIS Classic Community Edition version v9.0, which stems from the presence of an insecure direct...

CVE-2023-38884

CVE-2023-38884 affects the Community Edition (openSIS Classic) v9.0. The issue is an Insecure Direct Object Reference (IDOR) that allows an unauthenticated remote attacker to access any student’s files by visiting a direct file URL under /assets/studentfiles/-. The vulnerability stems from insuff...

CVE-2023-38884

An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

UBUNTU-CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

Insecure Direct Object Reference (IDOR)

ibexa/core is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is present because the DownloadController.php does not adequately validate the filenames in download URLs, allowing an attacker to craft malicious download URLs with filenames that bear no relation to the actual...

Inventory Management System Security Vulnerability

Inventory Management System is an inventory management system by the individual developers of stemword. A security vulnerability exists in Inventory Management System v1.0 that could allow an attacker to change any user's password and take over the account via an IDOR in the password change...

PT-2023-30028 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Free and Open Source inventory management system version 1.0 Description: The issue allows an arbitrary user to change the password of another user and take over the account via Insecure Direct Object Reference IDOR in the...

Lost and Found Information System security breach

Lost and Found Information System is a lost and found information system by oretnom23 Individual Developer. A security vulnerability exists in version 1.0 of the Lost and Found Information System, which stems from an insecure direct object reference vulnerability in the system that allows account...

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization through the V1/customers/me endpoint. An attacker can achieve information exposure and privilege escalation by triggering an insecure direct object...

CVE-2023-45396

An Insecure Direct Object Reference IDOR vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

CVE-2023-45396

An Insecure Direct Object Reference IDOR vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

CVE-2023-45396

An Insecure Direct Object Reference IDOR vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

Design/Logic Flaw

An Insecure Direct Object Reference IDOR vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

PT-2023-29547 · Elenos · Elenos Etg150 Fm Transmitter

Name of the Vulnerable Software and Affected Versions: Elenos ETG150 FM transmitter version 3.12 Description: An Insecure Direct Object Reference IDOR issue allows access to events profiles. Recommendations: For Elenos ETG150 FM transmitter version 3.12, consider restricting access to sensitive...