2764 matches found
CVE-2020-11589
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...
CVE-2020-35577
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...
CVE-2020-27742
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...
CVE-2020-13462
Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19616
An Insecure Direct Object Reference IDOR vulnerability in the Xtivia Web Time and Expense WebTE interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment...
CVE-2019-8235
An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...
CVE-2019-7890
An Insecure Direct Object Reference IDOR vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...
CVE-2019-17604
An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
CVE-2018-17449
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...
GHSA-CVGC-MX2W-H3W8 The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...
The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...
reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference
Insecure Direct Object Reference in the reintdownloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction...
GHSA-XXWR-WV9G-7JW3 The femanager TYPO3 extension allows Insecure Direct Object Reference
Insecure Direct Object Reference IDOR in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...
The femanager TYPO3 extension allows Insecure Direct Object Reference
Insecure Direct Object Reference IDOR in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...
CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...
CVE-2025-20114
CVE-2025-20114 concerns Cisco Unified Intelligence Center API security. The published entries indicate an authenticated, remote attacker could exploit insufficient validation of user-supplied API parameters to perform an insecure direct object reference (IDOR) attack, enabling horizontal privileg...
CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...