4435 matches found
CVE-2025-40659 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...
CVE-2025-40659 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...
CVE-2025-40659
DM Corporative CMS is affected by an Insecure Direct Object Reference (IDOR) in the endpoint /administer/selectionnode/framesSelectionNetworks.asp, caused by insufficient access control when the option parameter is set to 0, 1, or 2. The vulnerability lets an attacker access the private area data...
CVE-2025-40658 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...
CVE-2025-40658 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...
CVE-2025-40658
DM Corporative CMS is affected by an Insecure Direct Object Reference (IDOR) vulnerability. The flaw occurs in the endpoint /administer/selectionnode/framesSelection.asp where an attacker can set the option parameter to 0, 1, or 2 to access a private area. Impact details indicate exposure of sens...
PT-2025-24643 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...
DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/select node/data.asp that fails to proper...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file /administer/selectionnode/framesSelection.a...
PT-2025-24645 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24644 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24642 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
📄 Adapt CMS 3.0.3 Insecure Direct Object Reference / Incorrect Authorization
Adapt CMS version 3.0.3 suffers from an insecure direct object reference vulnerability that allows for privilege escalation. Exploit Title: IDOR "Change Password" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
CVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691
CVE-2025-4691 applies to the Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking for WordPress. The vulnerability is an Insecure Direct Object Reference that allows unauthenticated attackers to view details of any booking request via the view_request_details endpoint. Aff...
PT-2025-23399 · WordPress · Easync Booking
Name of the Vulnerable Software and Affected Versions: eaSYNC Booking plugin for WordPress versions prior to 1.3.22 Description: The issue allows unauthenticated attackers to view the details of any booking request due to missing validation on a user-controlled key, specifically via the 'view...