704 matches found
The vulnerability of the Download Manager extension reint_downloadmanager in the TYPO3 content management system allows a hacker to upload arbitrary files.
The vulnerability of the Download Manager reintdownloadmanager extension of the TYPO3 content management system is related to the use of an insecure direct object reference (IDOR) when processing the downloaduid parameter in the downloadAction structure. Exploiting this vulnerability could allow an...
CVE-2019-14730
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
CVE-2019-14721
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account...
CVE-2019-14245
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...
CVE-2019-14729
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account...
CVE-2019-14722
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account...
CVE-2019-14246
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...
CVE-2019-14728
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account...
CVE-2019-14726
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account...
CVE-2019-14725
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...
CVE-2025-3874
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and...
WordPress NP Quote Request for WooCommerce plugin <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Tim Coen in WordPress Plugin NP Quote Request for WooCommerce versions <= 1.9.179...
WordPress Business Directory plugin <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition vulnerability
Insecure Direct Object Reference to Listing Arbitrary Image Addition vulnerability discovered by Rein Daelman (trein) in WordPress Plugin Business Directory versions <= 6.4.14...
WordPress FooGallery plugin <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability
Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability discovered by Stiofan in WordPress Plugin FooGallery versions <= 2.4.29...
WordPress SupportCandy plugin <= 3.3.0 - Insecure Direct Object Reference vulnerability
Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin SupportCandy versions <= 3.3.0...
SunGrow iSolarCloud security vulnerability
SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
SunGrow iSolarCloud security vulnerability
SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
CVE-2024-13855
The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2024-13719
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...
WordPress plugin Return Refund and Exchange For WooCommerce authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An authorization issue vulnerability exists...