CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2023/08/31 5:33 a.m.•20 views

CVE-2023-2173 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion

6.5CVSS6.5AI score0.00419EPSS

CVE•added 2023/08/31 5:33 a.m.•33 views

CVE-2023-2173

The CVE-2023-2173 issue affects the BadgeOS WordPress plugin, specifically versions up to and including 3.7.1.6. The root cause is improper validation and authorization in several AJAX handlers (badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_a...

6.5CVSS4.5AI score0.00419EPSS

Exploits0References5Affected Software1

Cvelist•added 2023/08/31 5:33 a.m.•18 views

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

4.3CVSS4.9AI score0.00419EPSS

CVE•added 2023/08/31 5:33 a.m.•38 views

CVE-2023-2172

CVE-2023-2172 affects the BadgeOS WordPress plugin up to version 3.7.1.6. The issue arises from improper validation and authorization in four AJAX handlers (badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, badgeos_update_ranks_r...

4.3CVSS4.5AI score0.00419EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2023/08/31 5:33 a.m.•15 views

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

4.3CVSS6.7AI score0.00419EPSS

Veracode•added 2023/08/29 8:39 a.m.•16 views

Authorization Bypass

github.com/gravitl/netmaker is vulnerable to authorization bypass. The vulnerability exists due to an Insecure Direct Object Reference, which allows an attacker to update a password of another user...

7.5CVSS6.9AI score0.00561EPSS

Exploits0References3Affected Software1

Packet Storm•added 2023/08/29 12:0 a.m.•255 views

PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

OSV•added 2023/08/24 9:35 p.m.•23 views

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5CVSS7.4AI score0.00561EPSS

Packet Storm•added 2023/08/24 12:0 a.m.•280 views

FlightPath LMS 5.0-rc2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v5.0-rc2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

Packet Storm•added 2023/08/23 12:0 a.m.•313 views

Foodiee CMS 1.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : Foodiee CMS v1.0.1 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Packet Storm•added 2023/08/22 12:0 a.m.•241 views

FlightPath LMS 4.8.2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

0day.today•added 2023/08/21 12:0 a.m.•202 views

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR) Vulnerability

Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100...

7.4AI score

Exploit DB•added 2023/08/21 12:0 a.m.•254 views

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

7.4AI score

Packet Storm•added 2023/08/11 12:0 a.m.•359 views

i2soft CMS 2.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : i2soft CMS v2.0 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...