4442 matches found
PT-2024-18177 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 0.3.0. Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in the project update endpoint, allowing authenticated users to modify the name of any project within the system without proper...
CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...
PT-2024-18176 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 0.3.0. Description: An Insecure Direct Object Reference (IDOR) vulnerability exists, allowing unauthorized deletion of any organization's project. The issue is due to insufficient authorization checks in the project...
TIBCO Security Advisory: April 9, 2024 - TIBCO JasperReports Server - CVE-2024-3324
TIBCO JasperReports Server Insecure Direct Object References IDOR Vulnerability Original release date: April 9, 2023 Last revised: --- CVE-2024-3324 Source: TIBCO Software Inc. Products Affected TIBCO JasperReports Server versions 8.0.4 and below TIBCO JasperReports Server versions 8.2.0 and belo...
CVE-2024-1289
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...
CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...
CVE-2024-1289
CVE-2024-1289 affects LearnPress – WordPress LMS Plugin. All versions up to 4.2.6.3 are vulnerable to Insecure Direct Object Reference (IDOR) due to missing validation on a user-controlled key when retrieving order data. Authenticated attackers can view orders placed by other users and guests, en...
CVE-2024-27630
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function...
PT-2024-21978
Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier. Description: The issue allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. This is due to an Insecure Direct Object Reference (IDOR) in the softwar...
GNU Savane Security Vulnerability
GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...
CVE-2024-31296 WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81...
WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin BookingPress (versions <= 1.0.81)...
WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability
IDOR on Friend Request vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid (versions <= 5.7.6)...
WordPress ProfileGrid Plugin <= 5.7.6 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.6; Fixed in: 5.7.7; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-31291; Patch priority: Low; CVSS severity: Low (4.3); PSID: 1fdaca4c89b3; Credits: Kyle Sanchez...
WordPress LearnPress Plugin <= 4.2.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.6.3; Fixed in: 4.2.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-1289; Patch priority: Low; CVSS severity: Low (6.5); PSID: 88d0a0c7ed9f; Credits: drop; Required...
WordPress BookingPress Plugin <= 1.0.81 is vulnerable to Insecure Direct Object References (IDOR)
Software: BookingPress; Type: Plugin; Vulnerable versions: <= 1.0.81; Fixed in: 1.0.82; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-31296; Patch priority: Low; CVSS severity: Low (4.3); PSID: 1ca5ae451b3c; Credits: Steven Julian...
Insecure Direct Object Reference (IDOR)
bagisto/bagisto is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient validation of the invoice ID parameter in the print function within OrderController.php. This flaw allows an attacker to retrieve sensitive information, resulting in Information...
Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference
Description: The Thumbs Rating plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.0 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action...