
4441 matches found

Packet Storm
added 2023/07/13 12:0 a.m. · 257 views

BloodBank 1.0 Insecure Direct Object Reference

Title: BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability | Author: indoushka | Tested on...

AI score: 7.1
Exploits: 0
Packet Storm
added 2023/07/13 12:0 a.m. · 267 views

BBAM 1.1 Insecure Direct Object Reference

Title: bbam CMS v1.1 unauthorized administrative access Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefo...

AI score: 7.1
Exploits: 0
Positive Technologies
added 2023/07/13 12:0 a.m. · 2 views

PT-2023-6092 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 and earlier; Adobe Commerce versions 2.4.6-p2 and earlier; Adobe Commerce versions 2.4.5-p4 and earlier; Adobe Commerce versions 2.4.4-p5 and earlier. Description: The issue is related to an improper input...

CVSS: 10 · AI score: 8.5 · EPSS: 0.00651
Exploits: 0 · References: 11
NVD
added 2023/07/12 5:15 a.m. · 36 views

CVE-2023-3105

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.01983
Exploits: 2 · References: 2
Prion
added 2023/07/12 5:15 a.m. · 35 views

Authorization

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS: 6.5 · AI score: 8.5 · EPSS: 0.01983
Exploits: 2 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/07/12 4:38 a.m. · 14 views

CVE-2023-3105

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS: 8.8 · AI score: 6.7 · EPSS: 0.01983
Exploits: 2 · References: 2
Cvelist
added 2023/07/12 4:38 a.m. · 45 views

CVE-2023-3105 LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.01983
Exploits: 2 · References: 2
CVE
added 2023/07/12 4:38 a.m. · 64 views

CVE-2023-3105

The CVE-2023-3105 entry concerns LearnDash LMS for WordPress, affected through 4.6.0 by an Insecure Direct Object References flaw that lets an attacker with an existing account change arbitrary user passwords and potentially take over administrator accounts. The issue arises from user-controlled ...

CVSS: 8.8 · AI score: 8.4 · EPSS: 0.01983
Exploits: 2 · References: 2 · Affected Software: 1
Patchstack
added 2023/07/11 12:0 a.m. · 5 views

WordPress WPFunnels Plugin <= 2.7.15 is vulnerable to Insecure Direct Object References (IDOR)

Software: WPFunnels · Type: Plugin · Vulnerable versions: <= 2.7.15 · Fixed in: 2.7.16 · OWASP Top 10: A1: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: N/A · Patch priority: Low · CVSS severity: Low 5.4 · Developer: WPFunnels Team · PSID: fefed9db57ed · Credits: Unknown · Required privilege...

AI score: 6.8
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/07/10 9:5 p.m. · 9 views

CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.00333
Exploits: 0 · References: 1
Cvelist
added 2023/07/10 9:5 p.m. · 15 views

CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVSS: 4.3 · AI score: 4.9 · EPSS: 0.00333
Exploits: 0 · References: 1
Patchstack
added 2023/07/10 12:0 a.m. · 12 views

WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce GoCardless Gateway · Type: Plugin · Vulnerable versions: <= 2.5.6 · Fixed in: 2.5.7 · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-37871 · Patch priority: Low · CVSS severity: Low 8.2 · Developer: Claim ownership · PSID: 5a7891bcb8a5 · Credi...

CVSS: 8.2 · AI score: 6.5 · EPSS: 0.00541
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2023/07/06 12:0 a.m. · 11 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)

Software: BadgeOS · Type: Plugin · Vulnerable versions: <= 3.7.1.6 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-2172 · Patch priority: Low · CVSS severity: Low 4.3 · Developer: Claim ownership · PSID: 56d76680559e · Credits: Alex Thomas · Required...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00419
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2023/07/06 12:0 a.m. · 10 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)

Software: BadgeOS · Type: Plugin · Vulnerable versions: <= 3.7.1.6 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-2173 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: Claim ownership · PSID: 413cb9a5b860 · Credits: Alex Thomas · Required...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00419
Exploits: 0 · References: 1 · Affected Software: 1
ATTACKERKB
added 2023/07/05 3:15 a.m. · 2 views

CVE-2022-42175

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00622
Exploits: 0 · References: 4
NVD
added 2023/07/05 3:15 a.m. · 17 views

CVE-2022-42175

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00622
Exploits: 0 · References: 3
Positive Technologies
added 2023/07/05 12:0 a.m. · 2 views

PT-2023-14067 · Solusvm +1 · Solusvm +1

Name of the Vulnerable Software and Affected Versions: WHMCS module SolusVM version 1.4.1.2. Description: The issue allows an attacker to change the password and hostname of other customer servers without authorization due to an Insecure Direct Object Reference vulnerability. Recommendations: For...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00622
Exploits: 0 · References: 8
CVE
added 2023/07/05 12:0 a.m. · 33 views

CVE-2022-42175

The CVE-2022-42175 entry applies to the WHMCS module SolusVM, specifically version 1.4.1.2. The vulnerability is an Insecure Direct Object Reference that lets an attacker change the password and hostname of other customers’ servers without authorization. Impact is described as high across confide...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00622
Exploits: 0 · References: 3 · Affected Software: 1
Packet Storm
added 2023/07/04 12:0 a.m. · 184 views

D-Link DAP-1325 Insecure Direct Object Reference

Exploit Title: D-Link DAP-1325 - Broken Access Control | Date: 27-06-2023 | Exploit Author: ieduardogoncalves | Contact: twitter.com/0x00dia | Vendor: www.dlink.com | Version: Hardware version: A1, Firmware version: 1.01 | Tested on: All Platforms | 1. Description: Security vulnerability known as "Unauthenticate...

AI score: 7.1
Exploits: 0
NVD
added 2023/06/30 2:15 a.m. · 20 views

CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS: 8.8 · AI score: 8.5 · EPSS: 0.00599
Exploits: 0 · References: 2