Non-Privilege User Can View Patient’s Disclosures

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr-6.0.0/ /interface/patientfile/summary/recorddisclosure.php?editlid=X Method GET Parameter editlid Authentication Required? Yes Issue Summary Non-privilege users accounting, front office can view patient’s...

Directory traversal

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

CVE-2022-24385

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...

Information disclosure

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...

SmarterTools SmarterTrack 安全漏洞

SmarterTools SmarterTrack is a customer service software from SmarterTools UK. It improves customer service and reduces support costs. A security vulnerability exists in SmarterTools SmarterTrack 100.0.8019.14010 that originates from direct object access in SmarterTools SmarterTrack...

CVE-2022-24385

CVE-2022-24385 describes a Direct Object Access vulnerability in SmarterTools SmarterTrack, affecting version 100.0.8019.14010 and leading to information disclosure. The connected documents confirm the affected product and version, and indicate the underlying issue is direct object access, with p...

CVE-2022-24385

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...

Accounting User Can Download Patient Reports in openemr

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr/interface/patientfile/report/customreport.php Affected Parameters “Issue7” Authentication Required? Yes Issue Summary Non-privilege users accounting & front-office can download patient reports containing...

CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

OpenEMR <= 6.0.0 IDOR Vulnerability

OpenEMR is prone to an insecure direct object reference IDOR vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-25471

An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...

CVE-2022-25471

An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...

OpenEMR 安全漏洞

OpenEMR is an open source medical management system from the OpenEMR Openemr community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. OpenEMR suffers from a security vulnerability that stems from an insecure...

CVE-2022-0732

CVE-2022-0732 describes an insecure direct object reference (IDOR) in the backend infrastructure shared by multiple mobile device monitoring services, causing inadequate authentication/authorization of API requests. Connected sources tie this vulnerability to stalkerware families (e.g., 1Byte, Co...

TheSpyApp 访问控制错误漏洞

TheSpyApp is the next generation of smartphone monitoring software. TheSpyApp suffers from a security vulnerability that stems from an IDOR Insecure Direct Object Reference vulnerability that arises from a backend infrastructure shared by multiple mobile device monitoring services that does not...

PT-2022-13397 · 1Byte · Copy9 +8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an Insecure Direct Object...

CVE-2022-0731

Improper Access Control IDOR in GitHub repository dolibarr/dolibarr prior to 16.0...

Dolibarr 访问控制错误漏洞

Dolibarr is a software application. A modern software package that helps manage your organization's activities. A security vulnerability exists in dolibarr that stems from incorrect access control IDOR...

CVE-2022-0732

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...