CVE-2023-7198 WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of...

CVE-2023-7198

The WP Dashboard Notes WordPress plugin (versions

Moodle 4.3 - Insecure Direct Object Reference Vulnerability

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the...

Moodle 4.3 Insecure Direct Object Reference

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...

WordPress plugin WP Dashboard Notes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress WP Dashboard Notes Plugin < 1.0.11 is vulnerable to Insecure Direct Object References (IDOR)

Software WP Dashboard Notes Type Plugin Vulnerable versions 1.0.11 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-7198 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 493c887865e6 Credits Pedro Cuco...

PT-2024-15223 · WordPress · Wp Dashboard Notes

Name of the Vulnerable Software and Affected Versions: WP Dashboard Notes WordPress plugin versions prior to 1.0.11 Description: The issue allows authenticated users to delete private notes associated with different user accounts due to Insecure Direct Object References IDOR in the post id=...

Moodle 4.3 - Insecure Direct Object Reference

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...

WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...

User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode

Description The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2024-22455

Dell Mobility - E-Lab Navigator, versions 3.1.9, 3.2.0, contains an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks...

Design/Logic Flaw

Dell E-Lab Navigator, 3.1.9, 3.2.0, contains an Insecure Direct Object Reference Vulnerability in Feedback submission. An attacker could potentially exploit this vulnerability, to manipulate the email's appearance, potentially deceiving recipients and causing reputational and security risks...

CVE-2024-22455

Dell Mobility - E-Lab Navigator, versions 3.1.9, 3.2.0, contains an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks...

CVE-2024-22455

Dell Mobility - E-Lab Navigator, versions 3.1.9, 3.2.0, contains an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks...

CVE-2024-22455

Dell Mobility - E-Lab Navigator (versions 3.1.9 and 3.2.0) contains an Authorization Bypass Through User-Controlled Key vulnerability. Multiple connected sources describe an Insecure Direct Object Reference in Feedback submission that could allow an unauthenticated, locally positioned attacker to...

PT-2024-19434 · Dell · Dell Mobility - E-Lab Navigator

Name of the Vulnerable Software and Affected Versions: Dell Mobility - E-Lab Navigator versions 3.1.9 through 3.2.0 Description: The issue allows an unauthenticated attacker with local access to potentially exploit the vulnerability, leading to the launch of phishing attacks. It is related to an...

CVE-2023-49339

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

CVE-2023-49339

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

Design/Logic Flaw

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

CVE-2023-49339

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...