4452 matches found
CVE-2025-40661 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp...
CVE-2025-40661
CVE-2025-40661 corresponds to an Insecure Direct Object Reference (IDOR) in DM Corporative CMS. The vulnerability arises from improper access control around the option parameter in /administer/selectionnode/selection.asp, allowing an attacker to access the private area by setting option to 0, 1 o...
CVE-2025-40660 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0...
CVE-2025-40660
CVE-2025-40660 describes an IDOR in DM Corporative CMS. An attacker can access a private area by setting option to 0, 1, or 2 in /administer/select node/data.asp (parameters include mode, id1, id2, session, cod, networks). Multiple connected sources confirm the vulnerability core: insecure direct...
CVE-2025-40659 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...
CVE-2025-40659 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...
CVE-2025-40659
DM Corporative CMS is affected by an Insecure Direct Object Reference (IDOR) in the endpoint /administer/selectionnode/framesSelectionNetworks.asp, caused by insufficient access control when the option parameter is set to 0, 1, or 2. The vulnerability lets an attacker access the private area data...
CVE-2025-40658 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...
CVE-2025-40658 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...
CVE-2025-40658
DM Corporative CMS is affected by an Insecure Direct Object Reference (IDOR) vulnerability. The flaw occurs in the endpoint /administer/selectionnode/framesSelection.asp where an attacker can set the option parameter to 0, 1, or 2 to access a private area. Impact details indicate exposure of sens...
PT-2025-24643 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...
DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/select node/data.asp that fails to proper...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file...
PT-2025-24645 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24644 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24642 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
📄 Adapt CMS 3.0.3 Insecure Direct Object Reference / Incorrect Authorization
Adapt CMS version 3.0.3 suffers from an insecure direct object reference vulnerability that allows for privilege escalation. Exploit Title: IDOR "Change Password" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
CVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...