CVE-2023-50342 Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...

CVE-2023-50342

CVE-2023-50342 affects HCL DRYiCE MyXalytics with an Insecure Direct Object Reference (IDOR) due to improper access control, allowing a user to obtain certain details about another user. Root cause: IDOR (insecure access controls). Impact is described as confidentiality-related; other document se...

LearnPress < 4.2.5.8 - Subscriber+ Arbitrary Course Progress Disclosure

Description The plugin is vulnerable to Insecure Direct Object Reference in the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the...

GitLab 14.1 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39889)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API...

Exploit for Improper Authentication in Hitachi Vantara_Hitachi_Network_Attached_Storage

CVE-2023-5808 CVE-2023-5808 is an Insecure Direct Object R...

Insecure Direct Object Reference (IDOR)

t3s/content-consent is vulnerable to Insecure Direct Object Reference IDOR. The issue arises because the library fails to verify whether a specified content element identifier is permitted by the plugin. This allows an unauthenticated user to display various content elements, leading to an insecu...

GHSA-J8CW-PPMV-WJ85 Insecure Direct Object Reference in extension "Content Consent" (content_consent)

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference IDOR vulnerability with the potential to expose internal content elemen...

Insecure Direct Object Reference in extension "Content Consent" (content_consent)

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference IDOR vulnerability with the potential to expose internal content elemen...

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

Authorization

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

WP Photo Album Plus < 8.6.01.003 - Insecure Direct Object Reference

Description The WP Photo Album Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.5.02.005 due to missing validation on a user controlled key. This makes it possible for unauthenticated attacker to perform an unauthorized action bas...

CVE-2023-5808

CVE-2023-5808 affects Hitachi NAS SMU versions prior to 14.8.7825.01. It is an Insecure Direct Object Reference (IDOR) vulnerability that lets authenticated Storage/Server/Server+Storage Administrators download HNAS configuration backups and diagnostic data via URL manipulation, potentially expos...

Hitachi Vantara HNAS Authorization Issues Vulnerability

Hitachi Vantara HNAS is an enterprise NAS from Hitachi, Japan, designed to provide a consolidated NAS solution for distributed enterprise and data center applications. An authorization issue vulnerability exists in Hitachi Vantara HNAS version 14.8.7825.01, which stems from an information...

PT-2023-31274 · Unknown · Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: DolphinScheduler versions prior to 3.1.0 Description: The issue allows authenticated users to delete UDF functions in the resource center without authorization, which is related to an unauthorized access vulnerability, also known as Insecure...

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...

CVE-2023-6226

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

Input validation

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...