2754 matches found
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
PT-2025-31860 · Unknown +1 · Sogo Web Mail +1
Name of the Vulnerable Software and Affected Versions: SOGo Webmail versions through 5.6.0 Description: An Insecure Direct Object Reference IDOR vulnerability allows an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending...
CVE-2025-50340
CVE-2025-50340 affects SOGo Webmail up to version 5.6.0 (authenticated IDOR). The vulnerability lets an authenticated user send emails on behalf of other users by manipulating a sender identity in the email-sending request, due to insufficient verification of authorization to use the specified se...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
PT-2025-31549 · Cs Cart · Cs-Cart
Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: CS Cart is susceptible to an Insecure Direct Object Reference IDOR issue. The user profile functionality does not properly validate server-side operations when enabling or disabling stickers. An authenticat...
CVE-2025-50849
CS Cart 4.18.3 is affected by CVE-2025-50849: an Insecure Direct Object Reference (IDOR) in the user profile function via the company_id parameter allows an authenticated user to alter another user’s sticker setting due to insufficient server-side validation. Root cause: improper validation of ob...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References IDOR Vulnerability discovered by Bao BlueRock in WordPress Plugin Motors versions = 1.4.80...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control on file download functionality, which allows an attacker to download arbitrary files from the webserver...
Insecure Direct Object Reference (IDOR)
in2code/femanager is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control due to direct access to user data objects without proper authorization checks, allowing unauthorized modification of user data...
CVE-2025-6585
The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the csremoveprofilecallback function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-51862
Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...
CVE-2025-51865
Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...
CVE-2025-51867
Insecure Direct Object Reference IDOR vulnerability in Deepfiction AI deepfiction.ai thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint...
CVE-2025-51869
Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...