3461 matches found
CVE-2024-1289
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...
CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...
CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...
CVE-2024-1289
CVE-2024-1289 affects LearnPress – WordPress LMS Plugin. All versions up to 4.2.6.3 are vulnerable to Insecure Direct Object Reference (IDOR) due to missing validation on a user-controlled key when retrieving order data. Authenticated attackers can view orders placed by other users and guests, en...
CVE-2024-27630
Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...
GNU Savane 安全漏洞
GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...
WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability
IDOR on Friend Request vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin ProfileGrid versions = 5.7.6...
Insecure Direct Object Reference (IDOR)
bagisto/bagisto is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient validation of the invoice ID parameter in the print function within OrderController.php. This flaw allows an attacker to retrieve sensitive information, resulting in Information...
LearnPress < 4.2.6.4 - Insecure Direct Object Reference
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated...
Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference
Description The Thumbs Rating plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.0 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Molongui < 4.7.8 - Authenticated (Author+) Insecure Direct Object Reference
Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated...
Whizzy <= 1.1.18 - Authenticated (Subscriber+) Insecure Direct Object Reference
Description The Whizzy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.18 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
CVE-2024-29024
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
Insecure Direct Object Reference (IDOR)
pimcore/pimcore is vulnerable to Insecure Direct Object Reference IDOR. This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...
GHSA-PMC7-HMMW-G96Q Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Insecure Direct Object Reference IDOR in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter...
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Insecure Direct Object Reference IDOR in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter...
CVE-2023-36238
Insecure Direct Object Reference IDOR in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...