4435 matches found

NVD
added 2025/04/03 2:15 p.m. · 4 views

CVE-2025-22931

An insecure direct object reference IDOR in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members...

7.5 CVSS · 0.00392 EPSS
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:15 p.m. · 2 views

CVE-2025-22931

An insecure direct object reference IDOR in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members...

7.5 CVSS · 6.4 AI score · 0.00392 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/04/03 12:0 a.m. · 7 views

CVE-2025-22931

An insecure direct object reference IDOR in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members...

0.00392 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/04/03 12:0 a.m. · 3 views

CVE-2025-22931

An insecure direct object reference IDOR in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members...

6.6 AI score · 0.00392 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/04/03 12:0 a.m. · 2 views

Open Solutions For Education OS4Ed OpenSIS Security Vulnerability

Open Solutions For Education OS4Ed OpenSIS is commercial grade, secure, scalable and intuitive student information system, school management software from Open Solutions For Education, USA. Has all the features to run single or multiple organizations in one installation. Web-based, php code, MySQ...

7.5 CVSS · 6.4 AI score · 0.00392 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/03 12:0 a.m. · 2 views

PT-2025-14640 · Os4Ed · Os4Ed Opensis

Name of the Vulnerable Software and Affected Versions: OS4ED openSIS versions 7.0 through 9.1 Description: The issue concerns an insecure direct object reference IDOR in the /assets/stafffiles component. This allows unauthenticated attackers to access files that have been uploaded by staff member...

7.5 CVSS · 6.6 AI score · 0.00392 EPSS
Exploits: 0 · References: 6

CVE
added 2025/04/03 12:0 a.m. · 44 views

CVE-2025-22931

OS4ED openSIS vulnerable to an insecure direct object reference (IDOR) in the /assets/stafffiles component affecting versions 7.0 through 9.1. Unauthenticated attackers can access files uploaded by staff members. The CVSS 3.1 base score is 7.5 (HIGH); attack vector NETWORK, scope UNCHANGED, confi...

7.5 CVSS · 7.2 AI score · 0.00392 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Packet Storm
added 2025/03/27 12:0 a.m. · 181 views

University Registration System 1.0 Insecure Direct Object Reference

University Registration System version 1.0 suffers from an insecure direct object reference vulnerability that allows for information disclosure. Exploit Title: University Registration System - IDOR Leads to Information Disclosure Date: 2025-03-25 Exploit Author: wa03/td9l Telegram: @wa03/@td9l...

6.9 AI score
Exploits: 0

RedhatCVE
added 2025/03/22 1:59 p.m. · 14 views

CVE-2024-13558

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...

7.5 CVSS · 7 AI score · 0.00322 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/22 12:29 p.m. · 7 views

CVE-2024-12048

An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...

8.8 CVSS · 6.7 AI score · 0.00638 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/03/22 11:37 a.m. · 5 views

CVE-2024-11137

An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...

7.5 CVSS · 6.5 AI score · 0.00489 EPSS
Exploits: 1 · References: 1

NVD
added 2025/03/20 12:15 p.m. · 12 views

CVE-2024-13558

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...

7.5 CVSS · 0.00322 EPSS
Exploits: 0 · References: 3

OSV
added 2025/03/20 12:15 p.m. · 4 views

CVE-2024-13558

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...

5.3 CVSS · 7.3 AI score
Exploits: 0 · References: 3

Cvelist
added 2025/03/20 11:11 a.m. · 16 views

CVE-2024-13558 NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...

7.5 CVSS · 0.00322 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2025/03/20 11:11 a.m. · 5 views

CVE-2024-13558 NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...

7.5 CVSS · 7.4 AI score · 0.00322 EPSS
Exploits: 0 · References: 3

OSV
added 2025/03/20 10:15 a.m. · 3 views

CVE-2024-12048

An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...

8.8 CVSS · 8.6 AI score
Exploits: 0 · References: 1

NVD
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-11137

An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...

7.5 CVSS · 0.00489 EPSS
Exploits: 1 · References: 2

OSV
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-11137

An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...

7.5 CVSS · 6.7 AI score
Exploits: 0 · References: 2

CVE
added 2025/03/20 10:11 a.m. · 41 views

CVE-2024-12048

CVE-2024-12048 describes an IDOR (Insecure Direct Object Reference) in transformeroptimus/superagi v0.0.14. The vulnerability arises from improper authorization checks across multiple API endpoints, allowing an attacker to view, edit, and delete other users’ information without proper authorizati...

8.8 CVSS · 6.7 AI score · 0.00638 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2025/03/20 10:9 a.m. · 52 views

CVE-2024-11137

The CVE describes an Insecure Direct Object Reference (IDOR) in lunary-ai/lunary v1.6.0 where PATCH /v1/runs/:id/score does not verify that the authenticated user owns or can modify the target run. An attacker can modify other users’ run scores by changing the id parameter, impacting data integri...

7.5 CVSS · 7.3 AI score · 0.00489 EPSS
Exploits: 1 · References: 2 · Affected Software: 1