2754 matches found

BDU FSTEC
added 2025/05/27 12:00 a.m. · 6 views

A vulnerability in the Front End User Registration (sr_feuser_register) extension for the TYPO3 content management system allows an attacker to gain unauthorized access to protected information.

The vulnerability in the Front End User Registration (sr_feuser_register) extension for the TYPO3 content management system stems from an insecure direct object reference (IDOR). Exploiting it could allow an attacker to gain unauthorized access to protected information...

CVSS 8.6 · AI score 5.5 · EPSS 0.00301
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/05/26 12:51 p.m. · 11 views

CVE-2025-40650 Insecure Direct Object Reference (IDOR) in Clickedu

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards...

CVSS 8.7 · EPSS 0.00305
Exploits 0 · References 1
Vulnrichment
added 2025/05/26 12:51 p.m. · 7 views

CVE-2025-40650 Insecure Direct Object Reference (IDOR) in Clickedu

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards...

CVSS 8.7 · AI score 6.5 · EPSS 0.00305
Exploits 0 · References 1
CVE
added 2025/05/26 12:51 p.m. · 46 views

CVE-2025-40650

CVE-2025-40650 is an Insecure Direct Object Reference (IDOR) vulnerability in the Clickedu platform. Multiple sources describe that an attacker could retrieve information about student report cards due to improper access control on object references. The issue is rooted in IDOR logic...

CVSS 8.7 · AI score 6.2 · EPSS 0.00305
Exploits 0 · References 1
Veracode
added 2025/05/26 3:56 a.m. · 7 views

Insecure Direct Object Reference (IDOR)

in2code/femanager is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper access control on the user parameter in the newAction method of the newController, which allows attackers to manipulate the parameter to access data of other frontend users...

CVSS 5.3 · AI score 6.6 · EPSS 0.00242
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/05/26 2:37 a.m. · 9 views

Insecure Direct Object Reference (IDOR)

renolit/reint-downloadmanager is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control or validation on the downloaduid parameter in the downloadAction, allowing unauthorized users to directly access files they shouldn't be able to read...

CVSS 8.6 · AI score 6.5 · EPSS 0.00301
Exploits 0 · References 5 · Affected Software 1
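The femanager and reint-downloadmanager entries above describe the same defect: a request parameter (`user`, `downloaduid`) is used directly as the database key, with no check that the caller is allowed to see that row. The following is an added example, not code from either extension or from TYPO3; the in-memory store, the record fields and the function names are hypothetical. It shows the vulnerable lookup beside a hardened one that ties the lookup to the authenticated principal and returns the same error for missing and foreign objects, then walks the id space as one user to show what each variant leaks:

```python
"""Vulnerable vs. hardened lookup for a 'downloaduid'-style parameter.
Added example with a constructed in-memory store; hypothetical names,
not code from reint-downloadmanager, femanager or TYPO3."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable


@dataclass(frozen=True)
class FileRecord:
    uid: int
    owner_id: int  # frontend user that owns the file
    path: str


# Constructed sample data: user 100 owns uids 1 and 3, user 200 owns uid 2.
FILES: Dict[int, FileRecord] = {
    1: FileRecord(1, 100, "/fileadmin/user100/payslip.pdf"),
    2: FileRecord(2, 200, "/fileadmin/user200/contract.pdf"),
    3: FileRecord(3, 100, "/fileadmin/user100/invoice.pdf"),
}


class NotFound(Exception):
    """Raised for missing *and* foreign objects, so the response cannot be
    used as an oracle for which uids exist."""


def download_vulnerable(current_user_id: int, downloaduid: str) -> str:
    """The request parameter becomes the database key with no check that the
    caller may see that row: the IDOR pattern from the entries above."""
    rec = FILES.get(int(downloaduid))
    if rec is None:
        raise NotFound(downloaduid)
    return rec.path


def download_hardened(current_user_id: int, downloaduid: str) -> str:
    """Same lookup, but the row must belong to the authenticated principal.
    The decision is made on the stored record, never on client-supplied data."""
    try:
        uid = int(downloaduid)
    except ValueError:
        raise NotFound(downloaduid) from None
    rec = FILES.get(uid)
    if rec is None or rec.owner_id != current_user_id:
        raise NotFound(downloaduid)  # deliberately identical to the missing case
    return rec.path


def probe(handler: Callable[[int, str], str], current_user_id: int,
          uids: Iterable[int]) -> Dict[int, bool]:
    """Simulate an attacker walking uids as `current_user_id`; returns which
    uids the handler served."""
    leaked: Dict[int, bool] = {}
    for uid in uids:
        try:
            handler(current_user_id, str(uid))
            leaked[uid] = True
        except NotFound:
            leaked[uid] = False
    return leaked


if __name__ == "__main__":
    print("vulnerable:", probe(download_vulnerable, 200, range(1, 4)))
    print("hardened:  ", probe(download_hardened, 200, range(1, 4)))
```

The ownership test belongs next to the lookup, not in a separate "is the user logged in" middleware: an authenticated-only gate stops anonymous readers but does nothing about one frontend user reading another's files, which is exactly the horizontal case these advisories describe.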
CNNVD
added 2025/05/26 12:00 a.m. · 2 views

Clickedu security vulnerability

Clickedu is an academic management platform from Clickedu, Inc. It has a security vulnerability that stems from an insecure direct object reference (IDOR) and could lead to information disclosure...

CVSS 8.7 · AI score 6.4 · EPSS 0.00305
Exploits 0 · References 1
Positive Technologies
added 2025/05/26 12:00 a.m. · 10 views

PT-2025-22893 · Clickedu · Clickedu

Vulnerable software and affected versions: Clickedu, all versions.
Description: The issue is an Insecure Direct Object Reference (IDOR) vulnerability. It could allow an attacker to retrieve information about student report cards.
Recommendations: At the moment, there...

CVSS 8.7 · AI score 6 · EPSS 0.00305
Exploits 0 · References 9
RedhatCVE
added 2025/05/23 10:43 a.m. · 8 views

CVE-2024-52294

Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...

CVSS 4.3 · AI score 6.8 · EPSS 0.00367
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:41 a.m. · 8 views

CVE-2024-7041

An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...

CVSS 6.5 · AI score 6.8 · EPSS 0.00357
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 10:33 a.m. · 6 views

CVE-2024-25270

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...

CVSS 4.3 · AI score 6.6 · EPSS 0.00384
Exploits 0 · References 1
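The Mirapolis entry above describes the probing pattern an IDOR invites: walk the ID parameter, optionally with a larger STEP, and see what comes back. That pattern leaves a recognizable trace in web server access logs. The following is an added detection example, not code from Mirapolis or any vendor; the log lines are constructed in Combined Log Format and the paths are hypothetical. It groups successful (2xx) requests by client and path and flags any client whose consecutive values of the parameter step by a constant non-zero amount for at least five hits, which covers both `id=1,2,3,...` and `id=1000,1010,1020,...`:

```python
"""Flag clients stepping through an `id`-style parameter on one endpoint.
Added example; constructed log lines, hypothetical paths. Not vendor code."""
import re
from collections import defaultdict
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Combined Log Format prefix: ip ident user [ts] "METHOD url PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: alice walks six consecutive profile ids in four seconds;
# bob reloads his own profile and opens a course, which is normal use.
SAMPLE_LOG = """\
203.0.113.7 - alice [23/May/2025:10:00:01 +0000] "GET /lms/profile?id=1041 HTTP/1.1" 200 812
203.0.113.7 - alice [23/May/2025:10:00:02 +0000] "GET /lms/profile?id=1042 HTTP/1.1" 200 799
203.0.113.7 - alice [23/May/2025:10:00:02 +0000] "GET /lms/profile?id=1043 HTTP/1.1" 200 801
203.0.113.7 - alice [23/May/2025:10:00:03 +0000] "GET /lms/profile?id=1044 HTTP/1.1" 200 805
203.0.113.7 - alice [23/May/2025:10:00:03 +0000] "GET /lms/profile?id=1045 HTTP/1.1" 200 790
203.0.113.7 - alice [23/May/2025:10:00:04 +0000] "GET /lms/profile?id=1046 HTTP/1.1" 200 810
198.51.100.9 - bob [23/May/2025:10:00:05 +0000] "GET /lms/profile?id=2200 HTTP/1.1" 200 810
198.51.100.9 - bob [23/May/2025:10:01:05 +0000] "GET /lms/profile?id=2200 HTTP/1.1" 200 810
198.51.100.9 - bob [23/May/2025:10:02:05 +0000] "GET /lms/courses?id=17 HTTP/1.1" 200 2210
"""


def longest_constant_step_run(ids: List[int]) -> List[int]:
    """Longest slice of `ids` whose consecutive differences are all equal and
    non-zero. Repeats (step 0) are skipped: reloading the same object is not
    enumeration."""
    best: List[int] = []
    i = 0
    while i < len(ids) - 1:
        step = ids[i + 1] - ids[i]
        if step == 0:
            i += 1
            continue
        j = i + 1
        while j < len(ids) - 1 and ids[j + 1] - ids[j] == step:
            j += 1
        if j - i + 1 > len(best):
            best = ids[i:j + 1]
        i = j
    return best


def find_enumeration(log_text: str, param: str = "id",
                     min_run: int = 5) -> Dict[str, List[int]]:
    """Return {"user@ip path": [ids...]} for every (client, path) whose
    successful requests contain a constant-step run of at least `min_run`
    values of `param`. Only 2xx responses count: those returned data."""
    seq: Dict[tuple, List[int]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue
        parts = urlsplit(m["url"])
        vals = parse_qs(parts.query).get(param)
        if not vals or not vals[0].lstrip("-").isdigit():
            continue
        seq[(m["ip"], m["user"], parts.path)].append(int(vals[0]))

    hits: Dict[str, List[int]] = {}
    for (ip, user, path), ids in seq.items():
        run = longest_constant_step_run(ids)
        if len(run) >= min_run:
            hits[f"{user}@{ip} {path}"] = run
    return hits


if __name__ == "__main__":
    for client, run in find_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {len(run)} ids, {run[0]}..{run[-1]} step {run[1] - run[0]}")
```

Tune `min_run` and the parameter list to the application; a threshold this low is fine for a one-off hunt but would page on pagination-style traffic if run as an alert. Counting 2xx only is deliberate: a client that stepped through fifty ids and got fifty 403s was blocked, while fifty 200s means the data left the building.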
RedhatCVE
added 2025/05/23 10:32 a.m. · 5 views

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool; it occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

CVSS 9.8 · AI score 7.1 · EPSS 0.00421
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:28 a.m. · 6 views

CVE-2024-45232

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

CVSS 7.3 · AI score 6.9 · EPSS 0.00297
Exploits 0 · References 1
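The powermail entry above, like the FeedWordPress 'guid' entry further down, concerns a link that must work for an unauthenticated visitor, so there is no logged-in principal to check ownership against; the reference itself has to be unguessable. The following is an added example, not code from powermail, FeedWordPress or TYPO3, with hypothetical function names and a constructed secret. It contrasts a raw integer reference, which any visitor can count through, with a reference bound to an HMAC tag so that a guessed or altered uid fails verification:

```python
"""Guessable integer reference vs. HMAC-bound reference for links that must
work without a logged-in user (confirmation / preview links).
Added example; hypothetical names and a constructed secret, not code from
powermail, FeedWordPress or TYPO3."""
import hashlib
import hmac
from typing import Callable, Optional

# Constructed demo secret. In production load it from configuration; it must
# never be derivable from anything the client can observe.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def make_reference(record_uid: int, purpose: str,
                   secret: bytes = SERVER_SECRET) -> str:
    """Return '<uid>.<hex tag>' with tag = HMAC-SHA256(secret, purpose:uid).
    Binding `purpose` stops a token minted for the confirmation link from
    being replayed against some other endpoint that accepts the same shape."""
    msg = f"{purpose}:{record_uid}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{record_uid}.{tag}"


def resolve_reference(ref: str, purpose: str,
                      secret: bytes = SERVER_SECRET) -> Optional[int]:
    """Return the uid only if the tag verifies for this purpose; None
    otherwise, with no hint whether the uid exists. Constant-time compare."""
    uid_str, sep, tag = ref.partition(".")
    if not sep or not uid_str.isdigit():
        return None
    expected = hmac.new(secret, f"{purpose}:{uid_str}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return int(uid_str)


def confirmation_vulnerable(mail: str) -> Optional[int]:
    """Models the flawed pattern: the raw row id is the reference, so
    mail=1, mail=2, ... reaches every persisted submission."""
    return int(mail) if mail.isdigit() else None


def confirmation_hardened(mail: str) -> Optional[int]:
    """Same endpoint, but the parameter must carry a valid tag."""
    return resolve_reference(mail, purpose="confirm")


def enumerate_attempt(handler: Callable[[str], Optional[int]], upto: int) -> int:
    """How many of uids 1..upto an attacker reaches by guessing integers."""
    return sum(1 for i in range(1, upto + 1) if handler(str(i)) is not None)


if __name__ == "__main__":
    link = make_reference(7, "confirm")
    print("link parameter:", link)
    print("guessable hits, vulnerable:", enumerate_attempt(confirmation_vulnerable, 50))
    print("guessable hits, hardened:  ", enumerate_attempt(confirmation_hardened, 50))
```

The HMAC form needs no schema change: the server recomputes the tag from the uid, so nothing extra is stored. The alternative is a random opaque token (for example from `secrets.token_urlsafe`) saved in the row and used as the lookup key, which additionally lets you expire or single-use the link; the HMAC tag on its own proves only that the server minted it. Either way, the response for a bad reference should be the same as for a non-existent one, as `resolve_reference` does, so the endpoint does not become an existence oracle.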
RedhatCVE
added 2025/05/23 10:24 a.m. · 6 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

CVSS 8.1 · AI score 7 · EPSS 0.00407
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 10:18 a.m. · 6 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) / Broken Access Control vulnerability, allowing attackers to "buy now" an auction that is suspended (horizontal privilege escalation)...

CVSS 8.8 · AI score 7 · EPSS 0.00738
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 10:09 a.m. · 10 views

CVE-2024-27630

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...

CVSS 7.5 · AI score 7.1 · EPSS 0.00819
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 9:54 a.m. · 5 views

CVE-2024-0839

The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user-controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive...

CVSS 5.3 · AI score 5.1 · EPSS 0.00621
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:51 a.m. · 18 views

CVE-2024-7491

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the user-controlled 'key' value. This makes it...

CVSS 5.3 · AI score 6.5 · EPSS 0.00275
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:43 a.m. · 10 views

CVE-2024-23747

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter...

CVSS 7.5 · AI score 7.5 · EPSS 0.00694
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 9:34 a.m. · 9 views

CVE-2024-0366

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user-controlled key. This makes it possible for subscribers to view plugin preferences...

CVSS 4.3 · AI score 6.6 · EPSS 0.00576
Exploits 0 · References 1