CVE-2024-9700
CVE-2024-9700 affects the WordPress plugin “Forminator Forms – Contact Form, Payment Form & Custom Form Builder” and covers all versions up to and including 1.36.0. The vulnerability is an Insecure Direct Object Reference via the submit_quizzes() function, caused by missing validation on the entr...
CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes function due to missing validation on the 'entryid' user controlled key. This makes it...
WordPress plugin Forminator Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-51066
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers...
CVE-2024-7474
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...
CVE-2024-7474 IDOR in lunary-ai/lunary
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...
CVE-2024-7474
In lunary-ai/lunary v1.3.2, CVE-2024-7474 describes an Insecure Direct Object Reference (IDOR) vulnerability where an attacker can view or delete external users by tampering with the id parameter in the request URL. The issue stems from inadequate checks on id, enabling unauthorized access to ext...
Lunary security vulnerability
Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary v1.3.2, which stems from the presence of an IDOR vulnerability that allows an authenticated user to update another user's prompt by manipulating the id parameter in the request...
PT-2024-9679 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.3.2. Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability, which allows unauthorized access to external user data by manipulating the id parameter in the request URL. This can...
CVE-2024-10439
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10439 Sunnet eHRD CTMS - Insecure Direct Object Reference
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10439
The CVE-2024-10439 entry concerns the Sunnet eHRD CTMS system, where an Insecure Direct Object Reference (IDOR) vulnerability exists in a parameter that allows unauthenticated remote attackers to access arbitrary files uploaded by any user. Affected software: eHRD CTMS from Sunnet (no other produ...
WordPress WPSchoolPress plugin <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation vulnerability
Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions <= 2.2.10...
WordPress WPSchoolPress Plugin <= 2.2.10 is vulnerable to Insecure Direct Object References (IDOR)
Software: WPSchoolPress; Type: Plugin; Vulnerable versions: <= 2.2.10; Fixed in: 2.2.11; OWASP Top 10: A3: Injection; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-9637; Patch priority: Low; CVSS severity: Low 8.8; PSID: d50363b8f523; Credits: wesley wcraft; Required...
CVE-2024-9263
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...
CVE-2024-9263 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...