CVE-2024-47047

CVE-2024-47047 concerns the powermail TYPO3 extension (up to 12.4.0). The root cause is the failure to validate the mail parameter in the createAction, leading to an Insecure Direct Object Reference (IDOR). Consequence: an unauthenticated attacker can view user-submitted data from all forms persi...

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.0 and earlier, which stems from an inability to validate the mail parameter of createAction, resulting in insecure direct object...

VulnCheck KEV: CVE-2024-8956

PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference IDOR vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...

CVE-2024-25270

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference IDOR vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...

CVE-2024-25270

Mirapolis LMS 4.6.XX contains an IDOR vulnerability that authenticated users can exploit by manipulating the ID parameter and incrementing the STEP parameter, potentially exposing sensitive user data. Root cause: insecure direct object reference in the affected endpoint. Affected product/version:...

ownCloud < 10.15.0 Multiple Vulnerabilities

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

Insecure Direct Object Reference in external storage - ownCloud

Insecure Direct Object Reference in external storage configuration may allow an authenticated attacker to change configuration of external storage of another user as well as gain access to credentials...

CVE-2024-8428

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

CVE-2024-8428

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

CVE-2024-8428

Summary (CVE-2024-8428) : The ForumWP – Forum & Discussion Board Plugin for WordPress (

CVE-2024-8292 WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for...

WordPress WP-Recall plugin <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update vulnerability discovered by wesley wcraft in WordPress Plugin WP-Recall versions = 16.26.8...

File Management System 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : File Management System 1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...

WordPress WP-Recall Plugin <= 16.26.8 is vulnerable to Insecure Direct Object References (IDOR)

Software WP-Recall Type Plugin Vulnerable versions = 16.26.8 Fixed in 16.26.9 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-8292 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 49cff2ea1861 Credits wesley wcraft...

CVE-2024-8123

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...