
4435 matches found

RedhatCVE
added 2025/05/22 4:32 a.m., 6 views

CVE-2019-14725

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...

CVSS 4.3, AI score 6.8, EPSS 0.01469
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 4:26 a.m., 7 views

CVE-2019-13461

In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...

CVSS 7.5, AI score 6.7, EPSS 0.01675
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 3:14 a.m., 4 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

CVSS 7.5, AI score 6.2, EPSS 0.00839
Exploits: 0, References: 1

OSV
added 2025/05/21 6:33 p.m., 4 views

GHSA-CVGC-MX2W-H3W8 The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...

CVSS 8.6, AI score 7.1, EPSS 0.00301
Exploits: 0, References: 4

Github Security Blog
added 2025/05/21 6:33 p.m., 14 views

The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...

CVSS 8.6, AI score 8.5, EPSS 0.00301
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2025/05/21 6:22 p.m., 15 views

reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference

Insecure Direct Object Reference in the reint_downloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction...

CVSS 8.6, AI score 7.2, EPSS 0.00301
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/05/21 5:19 p.m., 1 views

GHSA-XXWR-WV9G-7JW3 The femanager TYPO3 extension allows Insecure Direct Object Reference

Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...

CVSS 5.3, AI score 6.9, EPSS 0.00242
Exploits: 0, References: 5

Github Security Blog
added 2025/05/21 5:19 p.m., 15 views

The femanager TYPO3 extension allows Insecure Direct Object Reference

Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...

CVSS 5.3, AI score 6.9, EPSS 0.00242
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/05/21 5:15 p.m., 3 views

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVSS 4.3, AI score 5.9, EPSS 0.00292
Exploits: 0, References: 1

CVE
added 2025/05/21 4:19 p.m., 64 views

CVE-2025-20114

CVE-2025-20114 concerns Cisco Unified Intelligence Center API security. The published entries indicate an authenticated, remote attacker could exploit insufficient validation of user-supplied API parameters to perform an insecure direct object reference (IDOR) attack, enabling horizontal privileg...

CVSS 4.3, AI score 5, EPSS 0.00292
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/05/21 4:19 p.m., 8 views

CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVSS 4.3, AI score 7.4, EPSS 0.00292
Exploits: 0, References: 1

Cvelist
added 2025/05/21 4:19 p.m., 19 views

CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVSS 4.3, EPSS 0.00292
Exploits: 0, References: 1

NVD
added 2025/05/21 4:15 p.m., 20 views

CVE-2025-48207

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference...

CVSS 8.6, EPSS 0.00301
Exploits: 0, References: 1

NVD
added 2025/05/21 4:15 p.m., 10 views

CVE-2025-48202

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference...

CVSS 5.3, EPSS 0.00242
Exploits: 0, References: 1

NVD
added 2025/05/21 4:15 p.m., 10 views

CVE-2025-48205

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference...

CVSS 8.6, EPSS 0.00301
Exploits: 0, References: 1

CNNVD
added 2025/05/21 12:0 a.m., 1 views

TYPO3 Security Vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 5.0.0 and earlier, which stems from the presence of an unsafe direct object reference...

CVSS 8.6, AI score 6.5, EPSS 0.00301
Exploits: 0, References: 2

CNNVD
added 2025/05/21 12:0 a.m., 1 views

TYPO3 femanager Security Vulnerability

TYPO3 femanager is a TYPO3 extension to the TYPO3 open source. A security vulnerability exists in TYPO3 femanager version 8.2.1 and earlier, which stems from the presence of an unsafe direct object reference...

CVSS 5.3, AI score 6.4, EPSS 0.00242
Exploits: 0, References: 2

CVE
added 2025/05/21 12:0 a.m., 45 views

CVE-2025-48207

The CVE-2025-48207 entry concerns the TYPO3 reint_downloadmanager extension (versions up to 5.0.0). Affected component: reint_downloadmanager’s downloadAction handling allows Insecure Direct Object Reference via the downloaduid parameter, enabling attackers to read arbitrary files. Impact: inform...

CVSS 8.6, AI score 7, EPSS 0.00301
Exploits: 0, References: 1

CVE
added 2025/05/21 12:0 a.m., 54 views

CVE-2025-48205

The CVE-2025-48205 entry concerns the sr_feuser_register extension for TYPO3 (up to version 12.4.8). The root cause is an Insecure Direct Object Reference that allows attackers to read arbitrary files. Impact is a high-severity exposure of potentially sensitive information. Public references in c...

CVSS 8.6, AI score 7.2, EPSS 0.00301
Exploits: 0, References: 1

Cvelist
added 2025/05/21 12:0 a.m., 19 views

CVE-2025-48207

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference...

CVSS 8.6, EPSS 0.00301
Exploits: 0, References: 1