CVE-2023-2172

CVE-2023-2172 affects the BadgeOS WordPress plugin up to version 3.7.1.6. The issue arises from improper validation and authorization in four AJAX handlers (badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, badgeos_update_ranks_r...

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

Authorization Bypass

github.com/gravitl/netmaker is vulnerable to authorization bypass. The vulnerability exists due to an Insecure Direct Object Reference, which allows an attacker to update a password of another user...

PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

FlightPath LMS 5.0-rc2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v5.0-rc2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

Foodiee CMS 1.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : Foodiee CMS v1.0.1 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

FlightPath LMS 4.8.2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

i2soft CMS 2.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : i2soft CMS v2.0 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

UBUNTU-CVE-2023-37543

Cacti before 1.2.6 allows IDOR Insecure Direct Object Reference for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a different vulnerability than CVE-2019-16723...

Cacti security breach

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.6, which ste...

CVE-2023-37543

CVE-2023-37543 affects Cacti prior to 1.2.6, enabling insecure direct object reference (IDOR) by modifying local_graph_id in graph_xport.php. Root cause: IDOR in graph access. Impact: access to any graph; CVSS base score 7.5 (HIGH) per NVD. Remediation: upgrade to 1.2.6 or newer; no exploitation ...

CVE-2023-37543

Cacti before 1.2.6 allows IDOR Insecure Direct Object Reference for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a different vulnerability than CVE-2019-16723...

PT-2023-5432 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.6 Description: The issue is related to an Insecure Direct Object Reference IDOR in the graph xport.php component, allowing unauthorized access to any graph via a modified local graph id parameter. This can enable a...

EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference Vulnerabilities

The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and...

WordPress EventON Calendar 4.4 Insecure Direct Object Reference

Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does no...

Web Stock 3.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Web Stock v3.0 Unauthorised Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

Yourdoctor CMS 1.5 Insecure Direct Object Reference

==================================================================================================================================== | Title : Yourdoctor CMS v1.5 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Yourdoctor CMS 1.4 Insecure Direct Object Reference

==================================================================================================================================== | Title : Yourdoctor CMS v1.4 Unauthorised Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...