4441 matches found
CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...
CVE-2023-6226
CVE-2023-6226 affects the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate, versions ≤ 5.13.3. The issue is an Insecure Direct Object Reference (IDOR) in the su_meta shortcode caused by missing validation of user-controlled keys key and post_id. This allows authenticated users with con...
WordPress Shortcodes Ultimate Plugin <= 5.13.3 is vulnerable to Insecure Direct Object References (IDOR)
Software Shortcodes Ultimate Type Plugin Vulnerable versions = 5.13.3 Fixed in 7.0.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6226 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7b259d4a9888 Credits Francesc...
CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...
CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...
Sysaid Technologies SysAid Security Vulnerabilities
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.15 that stems from the presence of an insecure direct object reference IDOR issue that allows an attacker...
Youzify < 1.2.3 - Insecure Direct Object Reference
Description The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.2 due to missing validation on a user controlled key. This makes it...
Pre-Publish Checklist < 1.1.2 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update
Description The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppcmetaboxajaxaddhandler and ppcmetaboxajaxdeletehandler functions due to missing validation on a user controlled key. This can allow...
Sunshine Photo Cart < 3.0 - Insecure Direct Object Reference to Order Manipulation
Description The Sunshine Photo Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.9.25 due to missing validation on a user-controlled key. This can allow unauthenticated attackers to manipulate orders that do not belong to them...
CVE-2023-38884
An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...
CVE-2023-38884
An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...
CVE-2023-38884
An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...
Design/Logic Flaw
An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...
TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-009...
Open Solutions For Education openSIS Security Vulnerability
Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, USA. A security vulnerability exists in Open Solutions For Education openSIS Classic Community Edition version v9.0, which stems from the presence of an insecure direct...
CVE-2023-38884
An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...
CVE-2023-38884
CVE-2023-38884 affects the Community Edition (openSIS Classic) v9.0. The issue is an Insecure Direct Object Reference (IDOR) that allows an unauthenticated remote attacker to access any student’s files by visiting a direct file URL under /assets/studentfiles/-. The vulnerability stems from insuff...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
Design/Logic Flaw
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...