3470 matches found
CVE-2024-40395
An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...
PTC ThingWorx 安全漏洞
PTC ThingWorx is a complete end-to-end technology platform designed for the Industrial Internet of Things IIoT from PTC Corporation, USA. A security vulnerability exists in PTC ThingWorx version v9.5.0 that stems from an insecure direct object reference that allows an attacker to view sensitive...
CVE-2024-40395
An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...
CVE-2024-40395
An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...
CVE-2024-7848
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...
CVE-2024-7848
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...
CVE-2024-7848
CVE-2024-7848 affects the WordPress plugin “User Private Files – Upload Documents & Secure File Sharing with Frontend File Manager” (versions
CVE-2024-7848 User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...
CVE-2024-43239 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.11.4...
CVE-2024-43239 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.11.4...
CVE-2023-7049
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...
CVE-2023-7049
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...
CVE-2023-7049 Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...
CVE-2023-7049
CVE-2023-7049 affects the Custom Field For WP Job Manager WordPress plugin. It enables insecure direct object access via the cm_fieldshow shortcode, due to missing validation of the job_id parameter. All versions up to 1.2 are affected. Exploitation requires authenticated access at contributor le...
CVE-2023-7049 Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...
WordPress Custom Field For WP Job Manager plugin <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability
Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Field For WP Job Manager versions = 1.2...
Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Bhojon restaurant management system v3.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
Farmacia Gama 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Farmacia Gama v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
Bhojon Restaurant Management System 2.8 Insecure Direct Object Reference
==================================================================================================================================== | Title : Bhojon restaurant management system v2.9 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
AccPack Buzz 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : AccPack Buzz v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...