4442 matches found

CNNVD
added 2024/10/09 12:00 a.m. · 3 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.3.8 that stems from the presence of an insecure direct object reference IDOR vulnerability that allows an attacker to edit another user'...

CVSS 6.5 · AI score 6.4 · EPSS 0.00357
Exploits 1 · References 2
Positive Technologies
added 2024/10/09 12:00 a.m. · 3 views

PT-2024-38041 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: An Insecure Direct Object Reference IDOR vulnerability exists, occurring in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update. The decentralization design is flawed, allowing...

CVSS 6.5 · AI score 6.2 · EPSS 0.00357
Exploits 1 · References 9
Vulnrichment
added 2024/10/05 12:27 p.m. · 11 views

CVE-2024-47316 WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9...

CVSS 4.3 · AI score 6.9 · EPSS 0.00333
Exploits 0 · References 1
Veracode
added 2024/10/03 7:11 a.m. · 9 views

Insecure Direct Object Reference (IDOR)

org.eclipse.edc,control-plane-catalog is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to missing filtering on single dataset requests, which fails to properly verify access permissions for restricted datasets. It allows unauthorized parties to access sensitive...

CVSS 5.3 · AI score 6.4 · EPSS 0.00372
Exploits 0 · References 6 · Affected Software 1
Hacker One
added 2024/10/03 1:07 a.m. · 3 views

Mars: █████████ when adding branches to your account

A vulnerability was identified in the branch addition functionality of the Royal Canin specialized channel website. The issue was classified as an Insecure Direct Object Reference IDOR vulnerability, which allowed unauthorized users to add branches to any account by manipulating the customer's...

AI score 6.9
Exploits 0
Packet Storm
added 2024/10/03 12:00 a.m. · 234 views

Transport Management System 1.0 Insecure Direct Object Reference

Title: Transport Management System 1.0 idor Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bits | ...

AI score 7.4
Exploits 0
Packet Storm
added 2024/10/02 12:00 a.m. · 218 views

Event Management System 1.0 Insecure Direct Object Reference

Title: Event Management System v1.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bi...

AI score 7.4
Exploits 0
Veracode
added 2024/10/01 9:08 a.m. · 7 views

Insecure Direct Object Reference (IDOR)

aimeos/ai-controller-frontend is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to a lack of proper access control and authorization checks, allowing attackers to manipulate object references like user IDs without verification...

CVSS 5.3 · AI score 6.6 · EPSS 0.00473
Exploits 0 · References 12 · Affected Software 1
Snyk
added 2024/09/30 5:48 p.m. · 1 view

Insecure Direct Object References

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Insecure Direct Object References due to ‘profileid’ parameter being manipulated to switch to a different post, when attempting to update a profile entry. This allows users to enumerate other...

CVSS 6.5 · AI score 6.9 · EPSS 0.00523
Exploits 0 · References 2
Packet Storm
added 2024/09/27 12:00 a.m. · 265 views

Simbarashe Financial Services 2.9.0 Insecure Direct Object Reference

Title: Simbarashe Financial Services v2.9.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bit...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/27 12:00 a.m. · 259 views

SchoolPlus 1.0 Insecure Direct Object Reference

Title: SchoolPlus v1.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits | Vendor...

AI score 7.4
Exploits 0
Snyk
added 2024/09/26 4:42 p.m. · 3 views

Authorization Bypass Through User-Controlled Key

Overview: aimeos/ai-controller-frontend is the Aimeos business controller logic for the frontend. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the account profile page. An attacker can manipulate account details and disable subscriptions an...

CVSS 6.9 · AI score 7 · EPSS 0.00473
Exploits 0 · References 2
NVD
added 2024/09/26 4:15 p.m. · 14 views

CVE-2024-39319

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...

CVSS 5.3 · EPSS 0.00473
Exploits 0 · References 11
Cvelist
added 2024/09/26 4:07 p.m. · 16 views

CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...

CVSS 5.3 · EPSS 0.00473
Exploits 0 · References 11
CVE
added 2024/09/26 4:07 p.m. · 55 views

CVE-2024-39319

CVE-2024-39319 affects the aimeos/ai-controller-frontend frontend controller. The vulnerability is an insecure direct object reference (IDOR) that allows an attacker to disable subscriptions and reviews of another customer. Affected versions are prior to 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8,...

CVSS 5.3 · AI score 5.2 · EPSS 0.00473
Exploits 0 · References 11 · Affected Software 1
OSV
added 2024/09/26 4:07 p.m. · 10 views

CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...

CVSS 5.3 · AI score 5.3 · EPSS 0.00473
Exploits 0 · References 13
CNNVD
added 2024/09/26 12:00 a.m. · 5 views

Aimeos frontend controller security vulnerability

Aimeos frontend controller is an Aimeos open source frontend controller. Aimeos frontend controller has a security vulnerability that stems from an insecure direct object reference that could allow an attacker to disable the subscribe and comment functionality for other clients. The following...

CVSS 5.3 · AI score 5.3 · EPSS 0.00473
Exploits 0 · References 12
OSV
added 2024/09/25 7:15 a.m. · 2 views

CVE-2024-8290

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 3
NVD
added 2024/09/25 7:15 a.m. · 14 views

CVE-2024-8290

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVSS 8.8 · EPSS 0.00586
Exploits 0 · References 3
Cvelist
added 2024/09/25 6:49 a.m. · 20 views

CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVSS 8.8 · EPSS 0.00586
Exploits 0 · References 3