4441 matches found
CVE-2022-42129
CVE-2022-42129 describes an insecure direct object reference (IDOR) in the Dynamic Data Mapping module of Liferay Portal 7.3.2–7.4.3.4 and Liferay DXP 7.3 before update 4, 7.4 GA. The vulnerability allows remote authenticated users to view/access form entries via the formInstanceRecordId paramet...
PT-2022-26275 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4; Liferay DXP versions 7.3 before update 4, and 7.4 GA. Description: An insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module allows remote authenticated users to vie...
Liferay Portal and Liferay DXP security vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2022-40206
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public...
CVE-2022-40206
Summary (CVE-2022-40206) Insecure Direct Object References (IDOR) in the WordPress wpForo Forum plugin <= 2.0.5. Affected component: wpForo Forum plugin for WordPress. Root cause: IDOR allows users with subscriber or higher roles to change a forum post’s visibility to private/public. Impact: e...
CVE-2022-40205 WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved...
WordPress plugin wpForo Forum security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-25282 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions <= 2.0.5. Description: The issue is related to an insecure direct object references (IDOR) vulnerability. This vulnerability allows attackers with subscriber or higher user roles to mark any forum post as solved or...
CVE-2021-36906 WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress...
WordPress plugin ExpressTech Quiz And Survey Master security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2022-10600 · Expresstech · Expresstech Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: ExpressTech Quiz And Survey Master plugin versions prior to 7.3.7. Description: The issue concerns multiple Insecure Direct Object References (IDOR) vulnerabilities. Recommendations: For ExpressTech Quiz And Survey Master plugin versions prior t...
CVE-2022-39945
An improper access control vulnerability (CWE-284) in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references...
CVE-2022-39945
An improper access control vulnerability (CWE-284) in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references...
Improper access control
An improper access control vulnerability (CWE-284) in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references...
PT-2022-25140 · Fortinet · Fortimail
Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.0 through 7.2.0. Description: The issue allows an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references (IDOR). This is due to an imprope...
WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities
Multiple Insecure direct object references (IDOR) vulnerabilities were discovered by Vlad Vector (Patchstack) in WordPress Quiz And Survey Master plugin versions <= 7.3.6. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.7)...
CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous...
CVE-2022-36966 Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
Users with Node Management rights were able to view and edit all nodes due to insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous...
SUSE-SU-2022:3676-1 Security update for grafana
This update for grafana fixes the following issues: Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565): - CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596). - CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is us...
Adobe Commerce input validation error vulnerability
Adobe Commerce, from the US company Adobe, is a globally leading digital commerce solution oriented toward businesses and brands. Adobe Commerce has an input validation error vulnerability that stems from incorrect input validation. An authenticated attacker can trigger an insecure...