CVE-2022-34138

Insecure direct object references IDOR in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

Information disclosure

Insecure direct object references IDOR in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...

CVE-2022-34138

Insecure direct object references IDOR in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

CVE-2022-34138

CVE-2022-34138 describes an insecure direct object reference (IDOR) in the web server of Biltema IP and Baby Camera Software version v124. The vulnerability allows an attacker to access sensitive information via the product’s web server. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

BILTEMA IP CAM 安全漏洞

BILTEMA IP CAM is a client for plug-and-play IP cameras from BILTEMA. A security vulnerability exists in BILTEMA IP CAM version v124, which originates from an insecure direct object reference in the web server. An attacker can exploit this vulnerability to access sensitive information...

CVE-2022-34138

Insecure direct object references IDOR in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

GHSA-QWX8-MXXX-MG96 wallabag contains Improper Authorization via export feature

Description The export feature lets a user export a single entry or a set of entries in a given format e.g. PDF, MOBI, TXT. For example, https://yourinstance.wallabag.org/export/45.pdf will export the entry with id 45 in PDF format. Since wallabag 2.0.0-alpha.1, this feature is vulnerable to an...

Improper Authorization

wallabag/wallabag is vulnerable to Improper Authorization. A remote attacker is able to gain access to unauthorized annotations from other users due to insecure direct object references which is made possible because of improper validation of the user permissions...

Improper Authorization

wallabag/wallabag is vulnerable to Improper Authorization. A remote attacker is able to gain access to unauthorized projects from other users due to insecure direct object references which is made possible because of improper validation of the user permissions...

Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference,...

WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0550 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 53344b864cc7 Credits Marco...

CVE-2023-0550

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...

Design/Logic Flaw

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...

CVE-2023-0550 Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...

CVE-2023-0550 Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...

CVE-2023-0550

The CVE-2023-0550 entry concerns the Quick Restaurant Menu WordPress plugin (versions

WordPress plugin Quick Restaurant Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-16355 · WordPress · Quick Restaurant Menu

Name of the Vulnerable Software and Affected Versions: Quick Restaurant Menu plugin for WordPress versions up to, and including, 2.0.2 Description: The issue arises from Insecure Direct Object Reference, where the plugin fails to verify the post ID provided to the AJAX action during menu item...

LISTSERV 17 Insecure Direct Object Reference Vulnerability

Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-40319 Steps to replicate 1. Create two accounts on your LISTSERV 17 installation, logging into each one in ...