4441 matches found

Vulnrichment
added 2023/11/14 12:00 a.m. · 12 views

CVE-2023-43900

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...

AI score: 7 · EPSS: 0.00581
Exploits: 1 · References: 1

ATTACKERKB
added 2023/11/09 8:15 p.m. · 1 view

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.0051
Exploits: 0 · References: 4

OSV
added 2023/11/09 8:15 p.m. · 0 views

UBUNTU-CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.0051
Exploits: 0 · References: 2

Veracode
added 2023/11/06 6:46 a.m. · 10 views

Insecure Direct Object Reference (IDOR)

ibexa/core is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is present because the DownloadController.php does not adequately validate the filenames in download URLs, allowing an attacker to craft malicious download URLs with filenames that bear no relation to the actual...

AI score: 7
Exploits: 0

Patchstack
added 2023/10/31 12:00 a.m. · 15 views

WordPress User Private Files Plugin < 2.0.5 is vulnerable to Insecure Direct Object References (IDOR)

Software: User Private Files · Type: Plugin · Vulnerable versions: 2.0.5 · Fixed in: 2.0.5 · OWASP Top 10: A3: Injection · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-4836 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: Claim ownership · PSID: 588e3012fbb4 · Credits: Dmitrii Ignatyev · Require...

CVSS: 4.3 · AI score: 7.1 · EPSS: 0.00487
Exploits: 2 · References: 4 · Affected Software: 1

CNNVD
added 2023/10/26 12:00 a.m. · 4 views

Inventory Management System Security Vulnerability

Inventory Management System is an inventory management system by the individual developers of stemword. A security vulnerability exists in Inventory Management System v1.0 that could allow an attacker to change any user's password and take over the account via an IDOR in the password change...

CVSS: 8.8 · AI score: 6.9 · EPSS: 0.00756
Exploits: 2 · References: 3

Positive Technologies
added 2023/10/26 12:00 a.m. · 9 views

PT-2023-30028 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Free and Open Source inventory management system version 1.0 Description: The issue allows an arbitrary user to change the password of another user and take over the account via Insecure Direct Object Reference (IDOR) in the...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00756
Exploits: 2 · References: 8

Patchstack
added 2023/10/22 12:00 a.m. · 16 views

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: wpDiscuz · Type: Plugin · Vulnerable versions: = 7.6.3 · Fixed in: 7.6.4 · OWASP Top 10: A1: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-46311 · Patch priority: Low · CVSS severity: Low 2.7 · Developer: Claim ownership · PSID: 05932cb617e2 · Credits: Revan Arifio · Requir...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00522
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/10/16 12:00 a.m. · 3 views

Lost and Found Information System security breach

Lost and Found Information System is a lost and found information system by oretnom23 Individual Developer. A security vulnerability exists in version 1.0 of the Lost and Found Information System, which stems from an insecure direct object reference vulnerability in the system that allows account...

CVSS: 9.8 · AI score: 6.5 · EPSS: 0.01264
Exploits: 4 · References: 5

Snyk
added 2023/10/13 9:30 a.m. · 1 view

Incorrect Authorization

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization through the V1/customers/me endpoint. An attacker can achieve information exposure and privilege escalation by triggering an insecure direct object...

CVSS: 8.8 · AI score: 7 · EPSS: 0.00651
Exploits: 0 · References: 4

OSV
added 2023/10/11 2:15 p.m. · 2 views

CVE-2023-45396

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00382
Exploits: 0 · References: 1

ATTACKERKB
added 2023/10/11 2:15 p.m. · 4 views

CVE-2023-45396

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.00382
Exploits: 0 · References: 3

NVD
added 2023/10/11 2:15 p.m. · 22 views

CVE-2023-45396

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00382
Exploits: 0 · References: 1

Prion
added 2023/10/11 2:15 p.m. · 17 views

Design/Logic Flaw

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

CVSS: 6.4 · AI score: 6.4 · EPSS: 0.00382
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/10/11 12:00 a.m. · 3 views

Elenos ETG150 Security Vulnerability

The Elenos ETG150 is an FM transmitter from Elenos. A security vulnerability exists in the Elenos ETG150 FM transmitter version 3.12, which originates from an insecure direct object reference (IDOR) that occurs when an application provides direct access to an object based on user-supplied input...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00382
Exploits: 0 · References: 3

Cvelist
added 2023/10/11 12:00 a.m. · 27 views

CVE-2023-45396

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

AI score: 6.6 · EPSS: 0.00382
Exploits: 0 · References: 1

Positive Technologies
added 2023/10/11 12:00 a.m. · 3 views

PT-2023-29547 · Elenos · Elenos Etg150 Fm Transmitter

Name of the Vulnerable Software and Affected Versions: Elenos ETG150 FM transmitter version 3.12 Description: An Insecure Direct Object Reference (IDOR) issue allows access to events profiles. Recommendations: For Elenos ETG150 FM transmitter version 3.12, consider restricting access to sensitive...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.00382
Exploits: 0 · References: 4

CVE
added 2023/10/11 12:00 a.m. · 35 views

CVE-2023-45396

CVE-2023-45396 is an IDOR vulnerability affecting Elenos ETG150 FM transmitter version 3.12. The issue enables access to sensitive assets (events profiles) due to insecure direct object references in the application. Connected sources (Red Hat advisory, NVD, PT Security, CNNVD, and others) consis...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00382
Exploits: 0 · References: 1 · Affected Software: 1

Packet Storm
added 2023/10/09 12:00 a.m. · 220 views

Chicv Management System Login 4.5.6 Insecure Direct Object Reference

Title: Chicv Management System Login v4.5.6 IDOR Vulnerability · Author: indoushka · Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0....

AI score: 7.1
Exploits: 0

OSV
added 2023/09/28 6:30 a.m. · 14 views

GHSA-896V-PH5W-379H Economizzer Insecure Direct Object Reference vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

CVSS: 3.7 · AI score: 4 · EPSS: 0.00599
Exploits: 1 · References: 5