4435 matches found
CVE-2025-55886
An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...
CVE-2025-55886
An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...
CVE-2025-55886
CVE-2025-55886 concerns ARD. Affected component is the payment history API endpoint where the fe_uid parameter is used to fetch a user’s payment history. The underlying issue is an Insecure Direct Object Reference (IDOR) allowing an authenticated attacker to manipulate fe_uid to access other user...
CVE-2025-10719
Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...
CVE-2025-43803
Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
CVE-2025-43803
Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
CVE-2025-43803
Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
CVE-2025-43803
Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
CVE-2025-43803
The CVE-2025-43803 case affects Liferay Portal and Liferay DXP where the Contacts Center widget directly exposes the entryId parameter (_com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId) leading to an Insecure Direct Object Reference (IDOR). Affected versions include Liferay Portal ...
CVE-2025-8532 IDOR in Bimser's eBA Document and Workflow Management System
Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...
CVE-2025-10719
Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...
CVE-2025-10719
CVE-2025-10719 concerns WisdomGarden’s Tronclass LMS, where an Insecure Direct Object Reference flaw lets remote attackers with regular privileges manipulate a parameter to access other users’ files. Root cause appears to be improper authorization on object references. Public summaries in NVD/Red...
CVE-2025-10719 WisdomGarden|Tronclass - Insecure Direct Object Reference
Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...
CVE-2025-10719 WisdomGarden|Tronclass - Insecure Direct Object Reference
Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...
PT-2025-38523
Name of the Vulnerable Software and Affected Versions Tronclass affected versions not specified Description Tronclass Learning Management System suffers from an Insecure Direct Object Reference issue. Remote attackers with regular privileges can manipulate a parameter to gain unauthorized access ...
PT-2025-38612
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.119 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.6 Liferay Portal versions 7.4 GA through update 92 Description An insecure direct object reference...
WisdomGarden Tronclass 安全漏洞
WisdomGarden Tronclass is an interactive instructional management platform from China WisdomGarden, Inc. A security vulnerability exists in WisdomGarden Tronclass that stems from an insecure direct object reference, which could lead to a remote attacker accessing other user files by modifying...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-10493
The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other...
CVE-2025-10493 Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other...