3468 matches found
Online Food Management System 1.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Online Food Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits |...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is caused due to improper validation of the mail parameter in the createAction function, allows an unauthenticated attacker to access user-submitted data from all forms handled by the extension...
powermail TYPO3 extension has Insecure Direct Object Reference
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
GHSA-Q25C-R482-77P9 powermail TYPO3 extension has Insecure Direct Object Reference
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2024-47047
CVE-2024-47047 concerns the powermail TYPO3 extension (up to 12.4.0). The root cause is the failure to validate the mail parameter in the createAction, leading to an Insecure Direct Object Reference (IDOR). Consequence: an unauthenticated attacker can view user-submitted data from all forms persi...
CVE-2024-25270
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference IDOR vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...
ownCloud < 10.15.0 Multiple Vulnerabilities
ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...
CVE-2024-25270
Mirapolis LMS 4.6.XX contains an IDOR vulnerability that authenticated users can exploit by manipulating the ID parameter and incrementing the STEP parameter, potentially exposing sensitive user data. Root cause: insecure direct object reference in the affected endpoint. Affected product/version:...
CVE-2024-27113
An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
Insecure Direct Object Reference in external storage - ownCloud
Insecure Direct Object Reference in external storage configuration may allow an authenticated attacker to change configuration of external storage of another user as well as gain access to credentials...
CVE-2024-8428
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428
Summary (CVE-2024-8428) : The ForumWP – Forum & Discussion Board Plugin for WordPress (