CVE-2022-27247

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer e.g., data of birth, full address, mail information, and phone number via GastKont Insecure Direct Object Reference...

Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...

GHSA-HH92-WG7V-8VFR Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...

Bus Pass Management System Insecure Direct Object Reference Vulnerability

Bus Pass Management System is a bus pass management system. version 1.0 of Bus Pass Management System is vulnerable to an insecure direct object reference vulnerability that stems from the viewid parameter failing to check user permissions on all target object accesses. An attacker could exploit...

SES IT und Web Solutions cdSoft Onlinetools-Smart Winhotel.MX 安全漏洞

SES IT und Web Solutions cdSoft Onlinetools-Smart Winhotel.MX 2021 is a hotel software from SES IT und Web Solutions, Germany. MX 2021 is a hotel software from SES IT und Web Solutions, Germany. cdSoft Onlinetools-Smart Winhotel.MX 2021 version contains a security vulnerability that originates in...

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

Design/Logic Flaw

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVE-2022-1352

Removed by vendor...

CVE-2022-29008

An insecure direct object reference IDOR vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information...

CVE-2022-29008

An insecure direct object reference IDOR vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information...

Bus Pass Management System 安全漏洞

Bus Pass Management System is a bus pass management system. version 1.0 of Bus Pass Management System is vulnerable to an insecure direct object reference vulnerability that stems from the viewid parameter failing to check user permissions on all target object accesses. An attacker could exploit...

PT-2022-13821 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: Gitlab EE/CE versions 11.0 through 14.8.5 Gitlab EE/CE versions 14.9 through 14.9.3 Gitlab EE/CE versions 14.10 through 14.10.0 Description: The issue is related to an insecure direct object reference vulnerability. This vulnerability may all...

LMS Doctor 2 Factor Authentication for Moodle 安全漏洞

LMS Doctor 2 Factor Authentication for Moodle is a Moodle plugin for secondary authentication from LMS Doctor. A security vulnerability exists in LMS Doctor 2 Factor Authentication for Moodle that stems from the presence of an insecure direct object reference IDOR. A remote attacker could exploit...

Design/Logic Flaw

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin although this cannot happen according to the documentation via Insecure Direct Object Reference IDOR vulnerability...

Tyler Technologies Tyler Odyssey信息泄露漏洞

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, Inc. An information disclosure vulnerability exists in versions of Tyler Technologies Tyler Odyssey prior to 17.1.20, which stems from an insecure direct object reference issue in the platform. An...

CVE-2022-26665

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...

Design/Logic Flaw

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...