CVE-2024-47055

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...

Insecure Direct Object Reference (IDOR)

mautic/core is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...

Mautic segment cloning doesn't have a proper permission check

Summary This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...

GHSA-VPH5-GHQ3-Q782 Mautic segment cloning doesn't have a proper permission check

Summary This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...

CVE-2024-47055 Segment cloning doesn't have a proper permission check

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...

CVE-2024-47055

CVE-2024-47055 concerns Mautic where the cloneAction in the segment management exposes a Missing Authorization vulnerability (IDOR). An authenticated user can clone segments without proper permission checks, bypassing access controls. The root cause is insufficient authorization in the cloneActio...

CVE-2024-47055 Segment cloning doesn't have a proper permission check

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...

The vulnerability of the Download Manager extension reint_downloadmanager in the TYPO3 content management system allows a hacker to upload arbitrary files.

The vulnerability of the Download Manager reintdownloadmanager extension of the TYPO3 content management system is related to the use of a insecure direct link to an object IDOR when processing the downloaduid parameter in the downloadAction structure. Exploiting this vulnerability could allow an...

CVE-2025-40650 Insecure Direct Object Reference (IDOR) in Clickedu

Insecure Direct Object Reference IDOR vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards...

CVE-2025-40650 Insecure Direct Object Reference (IDOR) in Clickedu

Insecure Direct Object Reference IDOR vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards...

CVE-2025-40650

CVE-2025-40650 corresponds to an Insecure Direct Object Reference (IDOR) vulnerability in the Clickedu platform. Multiple sources describe that an attacker could retrieve information about student report cards, due to improper access control on object references. The issue is rooted in IDOR logic...

Insecure Direct Object Reference (IDOR)

in2code/femanager is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the user parameter in the newAction method of the newController, allows attackers to manipulate the parameter to access data of other frontend users...

Insecure Direct Object Reference (IDOR)

renolit/reint-downloadmanager is vulnerable to Insecure Direct Object Reference. The vulnerability is due to insufficient access control or validation on the downloaduid parameter in the downloadAction, allowing unauthorized users to directly access files they shouldn’t be able to read...

Clickedu 安全漏洞

Clickedu is an academic management platform from Clickedu, Inc. Clickedu has a security vulnerability that stems from an insecure direct object reference that could lead to information disclosure...

PT-2025-22893 · Clickedu · Clickedu

Name of the Vulnerable Software and Affected Versions: Clickedu versions all versions Description: The issue is related to an Insecure Direct Object Reference IDOR vulnerability. This could allow an attacker to retrieve information about student report cards. Recommendations: At the moment, there...

CVE-2024-52294

Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...

CVE-2024-7041

An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...

CVE-2024-25270

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference IDOR vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

CVE-2024-45232

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference IDOR. An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...