
3461 matches found

CVE
added 2023/11/28 4:31 a.m. · 75 views

CVE-2023-6226

CVE-2023-6226 affects the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate, versions ≤ 5.13.3. The issue is an Insecure Direct Object Reference (IDOR) in the su_meta shortcode caused by missing validation of user-controlled keys key and post_id. This allows authenticated users with con...

CVSS 4.3 · AI score 4.7 · EPSS 0.00529
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2023/11/27 9:12 a.m. · 12 views

CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...

CVSS 4.3 · AI score 6.4 · EPSS 0.00443
Exploits 0 · References 1
Cvelist
added 2023/11/27 9:12 a.m. · 16 views

CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...

CVSS 4.3 · AI score 5.1 · EPSS 0.00443
Exploits 0 · References 1
CNNVD
added 2023/11/24 12:00 a.m. · 4 views

Sysaid Technologies SysAid Security Vulnerabilities

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.15 that stems from the presence of an insecure direct object reference (IDOR) issue that allows an attacker...

CVSS 6.5 · AI score 6.6 · EPSS 0.00582
Exploits 1 · References 1
WPVulnDB
added 2023/11/23 12:00 a.m. · 35 views

Pre-Publish Checklist < 1.1.2 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update

Description: The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppcmetaboxajaxaddhandler and ppcmetaboxajaxdeletehandler functions due to missing validation on a user controlled key. This can allow...

AI score 6.9 · EPSS 0.00351
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2023/11/23 12:00 a.m. · 22 views

Youzify < 1.2.3 - Insecure Direct Object Reference

Description: The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.2 due to missing validation on a user controlled key. This makes it...

CVSS 6.5 · AI score 9.2 · EPSS 0.00428
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2023/11/23 12:00 a.m. · 18 views

Sunshine Photo Cart < 3.0 - Insecure Direct Object Reference to Order Manipulation

Description: The Sunshine Photo Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.9.25 due to missing validation on a user-controlled key. This can allow unauthenticated attackers to manipulate orders that do not belong to them...

CVSS 6.5 · AI score 7.1 · EPSS 0.00359
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2023/11/20 7:15 p.m. · 7 views

CVE-2023-38884

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

CVSS 7.5 · AI score 5.8 · EPSS 0.00878
Exploits 0 · References 4
OSV
added 2023/11/20 7:15 p.m. · 14 views

CVE-2023-38884

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

CVSS 7.5 · AI score 7.1 · EPSS 0.00878
Exploits 0 · References 3
NVD
added 2023/11/20 7:15 p.m. · 10 views

CVE-2023-38884

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

CVSS 7.5 · EPSS 0.00878
Exploits 0 · References 3
Prion
added 2023/11/20 7:15 p.m. · 12 views

Design/Logic Flaw

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

CVSS 5 · AI score 7.3 · EPSS 0.00878
Exploits 0 · References 3 · Affected Software 1
Friends Of PHP
added 2023/11/20 2:58 p.m. · 13 views

TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-009...

AI score 7.2 · EPSS 0.00598
Exploits 0 · Affected Software 1
CNNVD
added 2023/11/20 12:00 a.m. · 4 views

Open Solutions For Education openSIS Security Vulnerability

Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, USA. A security vulnerability exists in Open Solutions For Education openSIS Classic Community Edition version v9.0, which stems from the presence of an insecure direct...

CVSS 7.5 · AI score 6.7 · EPSS 0.00878
Exploits 0 · References 4
Cvelist
added 2023/11/20 12:00 a.m. · 17 views

CVE-2023-38884

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

AI score 7.7 · EPSS 0.00878
Exploits 0 · References 3
CVE
added 2023/11/20 12:00 a.m. · 23 views

CVE-2023-38884

CVE-2023-38884 affects the Community Edition (openSIS Classic) v9.0. The issue is an Insecure Direct Object Reference (IDOR) that allows an unauthenticated remote attacker to access any student’s files by visiting a direct file URL under /assets/studentfiles/-. The vulnerability stems from insuff...

CVSS 7.5 · AI score 7.5 · EPSS 0.00878
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/11/09 8:15 p.m. · 1 views

UBUNTU-CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 6.5 · AI score 5.8 · EPSS 0.0051
Exploits 0 · References 2
Veracode
added 2023/11/06 6:46 a.m. · 11 views

Insecure Direct Object Reference (IDOR)

ibexa/core is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is present because the DownloadController.php does not adequately validate the filenames in download URLs, allowing an attacker to craft malicious download URLs with filenames that bear no relation to the actual...

AI score 7
Exploits 0
CNNVD
added 2023/10/26 12:00 a.m. · 4 views

Inventory Management System Security Vulnerability

Inventory Management System is an inventory management system by the individual developers of stemword. A security vulnerability exists in Inventory Management System v1.0 that could allow an attacker to change any user's password and take over the account via an IDOR in the password change...

CVSS 8.8 · AI score 6.9 · EPSS 0.00756
Exploits 2 · References 3
Positive Technologies
added 2023/10/26 12:00 a.m. · 11 views

PT-2023-30028 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Free and Open Source inventory management system version 1.0
Description: The issue allows an arbitrary user to change the password of another user and take over the account via Insecure Direct Object Reference (IDOR) in the...

CVSS 8.8 · AI score 8.7 · EPSS 0.00756
Exploits 2 · References 8
CNNVD
added 2023/10/16 12:00 a.m. · 6 views

Lost and Found Information System security breach

Lost and Found Information System is a lost and found information system by oretnom23 Individual Developer. A security vulnerability exists in version 1.0 of the Lost and Found Information System, which stems from an insecure direct object reference vulnerability in the system that allows account...

CVSS 9.8 · AI score 6.5 · EPSS 0.01264
Exploits 4 · References 5