
4442 matches found

Cvelist
added 2024/12/20 12:0 a.m. · 14 views

CVE-2024-55471

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...

EPSS: 0.00334
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/20 12:0 a.m. · 6 views

CVE-2024-55471

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...

AI score: 6.4 · EPSS: 0.00334
Exploits: 0 · References: 2

CVE
added 2024/12/20 12:0 a.m. · 45 views

CVE-2024-55471

Summary: CVE-2024-55471 affects Oqtane Framework via Insecure Direct Object Reference in Oqtane.Controllers.UserController, enabling unauthorized access to other users’ data by tampering with the id parameter. Affected information includes guidance across multiple sources; remediation is to upgrade to...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00334
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/20 12:0 a.m. · 3 views

PT-2024-36526 · Unknown · Oqtane Framework

Name of the Vulnerable Software and Affected Versions: Oqtane Framework (affected versions not specified). Description: The issue is related to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController, allowing unauthorized users to access sensitive information of other users by...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.00334
Exploits: 0 · References: 8

Vulnrichment
added 2024/12/20 12:0 a.m. · 7 views

CVE-2024-55186

An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...

AI score: 4.5 · EPSS: 0.00269
Exploits: 0 · References: 2

CNNVD
added 2024/12/18 12:0 a.m. · 4 views

PHPGurukul Online Notes Sharing Management System security vulnerability

PHPGurukul Online Notes Sharing Management System is an online notes sharing management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Online Notes Sharing Management System v1.0, which stems from a lack of authorization checking and an IDOR vulnerability that allows...

CVSS: 4.3 · AI score: 6.7 · EPSS: 0.00324
Exploits: 1 · References: 1

CNNVD
added 2024/12/18 12:0 a.m. · 2 views

CodeAstro Complaint Management System security vulnerability

CodeAstro Complaint Management System is a complaint management system from CodeAstro. A security vulnerability exists in CodeAstro Complaint Management System v1.0, which stems from an IDOR vulnerability that can be exploited to execute arbitrary code and obtain sensitive information by modifyin...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.00684
Exploits: 1 · References: 1

OSV
added 2024/12/17 9:15 p.m. · 2 views

CVE-2024-55058

An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00229
Exploits: 1 · References: 1

CNNVD
added 2024/12/17 12:0 a.m. · 3 views

PHPGurukul Online Birth Certificate System security vulnerability

Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from an insecure direct object reference vulnerability that stems from a lack of proper authorization checking of the viewid parameter in the /user/view-application-detail.php file. ...

CVSS: 4.3 · AI score: 6.6 · EPSS: 0.00229
Exploits: 1 · References: 1

Vulnrichment
added 2024/12/17 12:0 a.m. · 12 views

CVE-2024-55058

An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the...

AI score: 6.6 · EPSS: 0.00229
Exploits: 1 · References: 1

CVE
added 2024/12/17 12:0 a.m. · 54 views

CVE-2024-55058

CVE-2024-55058 applies to PHPGurukul Online Birth Certificate System v1.0, where an insecure direct object reference exists in the viewid parameter of /user/view-application-detail.php. The vulnerability allows authenticated users to manipulate the viewid in the URL to access sensitive birth cert...

CVSS: 4.3 · AI score: 6.7 · EPSS: 0.00229
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2024/12/14 5:15 a.m. · 7 views

CVE-2024-12447

The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS: 4.3 · EPSS: 0.00295
Exploits: 0 · References: 2

CVE
added 2024/12/14 4:23 a.m. · 41 views

CVE-2024-12447

CVE-2024-12447 is a vulnerability in the Get Post Content Shortcode plugin for WordPress, affecting all versions up to 0.4. It enables Insecure Direct Object Reference via the post_content shortcode due to missing validation on a user-controlled key, allowing authenticated attackers with Contribu...

CVSS: 4.3 · AI score: 4.3 · EPSS: 0.00295
Exploits: 0 · References: 2

Cvelist
added 2024/12/14 4:23 a.m. · 14 views

CVE-2024-12447 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode

The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS: 4.3 · EPSS: 0.00295
Exploits: 0 · References: 2

CNNVD
added 2024/12/14 12:0 a.m. · 1 view

WordPress plugin Get Post Content Shortcode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

CVSS: 4.3 · AI score: 8.5 · EPSS: 0.00295
Exploits: 0 · References: 2

Patchstack
added 2024/12/13 8:35 p.m. · 2 views

WordPress Get Post Content Shortcode plugin <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability

Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Get Post Content Shortcode versions <= 0.4...

CVSS: 4.3 · AI score: 6.6 · EPSS: 0.00295
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/12/13 9:15 a.m. · 5 views

CVE-2024-12309

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

CVSS: 5.3 · EPSS: 0.00303
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/13 8:24 a.m. · 8 views

CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00303
Exploits: 0 · References: 2

CVE
added 2024/12/13 8:24 a.m. · 43 views

CVE-2024-12309

CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.00303
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/13 12:0 a.m. · 3 views

PT-2024-17538 · Feedbackwp · Rate My Post – Star Rating Plugin

Name of the Vulnerable Software and Affected Versions: Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4. Description: The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the get...

CVSS: 5.3 · AI score: 7.3 · EPSS: 0.00303
Exploits: 0 · References: 6