180 matches found
PT-2024-18177 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 0.3.0 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the project update endpoint, allowing authenticated users to modify the name of any project within the system without proper...
PT-2023-31274 · Unknown · Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: DolphinScheduler versions prior to 3.1.0 Description: The issue allows authenticated users to delete UDF functions in the resource center without authorization, which is related to an unauthorized access vulnerability, also known as Insecure...
Sysaid Technologies SysAid Security Vulnerabilities
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.15 that stems from the presence of an insecure direct object reference IDOR issue that allows an attacker...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization through the V1/customers/me endpoint. An attacker can achieve information exposure and privilege escalation by triggering an insecure direct object...
PT-2023-32827 · WordPress · User Shortcodes Plus
Name of the Vulnerable Software and Affected Versions: User Shortcodes Plus plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Insecure Direct Object Reference, which affects the user meta shortcode due to missing validation on a user-controlled key. Th...
PT-2023-24621 · WordPress · Woocommerce Stripe Payment Gateway
Name of the Vulnerable Software and Affected Versions: WooCommerce Stripe Payment Gateway plugin versions prior to 7.4.1 Description: A security issue has been identified that could lead to the unauthorized disclosure of sensitive information, specifically a PII disclosure due to an unauthenticat...
Shop Beat Media Player 安全漏洞
Shop Beat is a media player from Shop Beat, Inc. A security vulnerability exists in Shop Beat Media Player versions 2.5.95 through 3.2.57 that stems from vulnerability to insecure direct object reference attacks...
CVE-2022-43492
Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...
CVE-2022-41479
The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...
PT-2022-21762 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.5 through 15.1.5 GitLab EE versions 15.2 through 15.2.3 GitLab EE versions 15.3 through 15.3.1 Description: An issue has been discovered in GitLab EE's Zentao integration, which has an insecure direct object reference th...
Airties Smart Wi-Fi 安全漏洞
Airties Smart Wi-Fi is a series of Wi-Fi extenders from Airties Turkey. A security vulnerability exists in Airties Smart Wi-Fi versions prior to 2020-08-04, which stems from an insecure direct object reference...
Squiz Matrix 安全漏洞
Squiz Matrix is a web CMS from Squiz, Inc. that helps digital marketers create and publish content while building websites without deep technical skills. A security vulnerability exists in Squiz Matrix CMS version 6.20, which stems from an insecure direct object reference vulnerability when it...
PT-2022-6404 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier Description: The issue is related to insufficient input validation, allowing a remote attacker to potentially...
CVE-2022-30760
An Insecure Direct Object Reference IDOR issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information final grades, study courses, degrees by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...
Shopware 日志信息泄露漏洞
Shopware is an open source e-commerce software.The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in the Favorites component of Nagios XI 5.8.0 before 1.0.2, which stems fr...
Atlassian Fisheye and Crucible Information Disclosure Vulnerabilities
Atlassian Fisheye and Crucible are both products of Atlassian Australia.Atlassian Fisheye is a deep source code viewer.Crucible is a code review tool. A security vulnerability exists in Atlassian Fisheye and Atlassian Crucible, which can be exploited by an attacker to browse local files via an...
Newgen Egov Correspondence Management System Security Breach
Newgen Egov Correspondence Management System is a correspondence management software for office environments from Newgen USA. A security vulnerability exists in Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...
CVE-2020-15958
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...
WordPress Auth0 Insecure Direct Object Reference Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Auth0 versions prior to 4.0.0. The vulnerability can be exploited...