4464 matches found
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51533
The CVE-2025-51533 entry describes an Insecure Direct Object Reference (IDOR) in Sage DPW versions 2024_12_004 and earlier. The vulnerability allows unauthenticated attackers to access internal forms by sending a crafted GET request, implying a direct object access flaw that could disclose low-se...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
PT-2025-32305 · Sage · Sage Dpw
Name of the Vulnerable Software and Affected Versions: Sage DPW versions 2024 12 004 and below Description: An Insecure Direct Object Reference IDOR allows unauthorized attackers to access internal forms by sending a crafted GET request. Recommendations: Update Sage DPW to a version later than 20...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
CVE-2025-50340 affects SOGo Webmail up to version 5.6.0 (authenticated IDOR). The vulnerability lets an authenticated user send emails on behalf of other users by manipulating a sender identity in the email-sending request, due to insufficient verification of authorization to use the specified se...
PT-2025-31860 · Unknown +1 · Sogo Web Mail +1
Name of the Vulnerable Software and Affected Versions: SOGo Webmail versions through 5.6.0 Description: An Insecure Direct Object Reference IDOR vulnerability allows an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending...
CVE-2025-50340
Removed by vendor...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
CVE-2025-50849
CS Cart 4.18.3 is affected by CVE-2025-50849: an Insecure Direct Object Reference (IDOR) in the user profile function via the company_id parameter allows an authenticated user to alter another user’s sticker setting due to insufficient server-side validation. Root cause: improper validation of ob...
CS Cart 安全漏洞
CS Cart is an e-commerce system from CS Cart Inc. in the United States. A security vulnerability exists in CS Cart version 4.18.3, which stems from an insecure direct object reference that could lead to unauthorized manipulation of other user accounts...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...