4405 matches found
CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...
CVE-2024-51066
An Insecure Direct Object Reference IDOR vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information PII of other customers...
PHPGurukul Beauty Parlour Management System 安全漏洞
Beauty Parlour Management System is an application system. The Beauty Parlour Management System suffers from an insecure direct object reference vulnerability that could be exploited by an attacker to gain access to personally identifiable information of other customers...
CVE-2024-7474
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference IDOR vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...
CVE-2024-7474 IDOR in lunary-ai/lunary
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference IDOR vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...
CVE-2024-7474 IDOR in lunary-ai/lunary
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference IDOR vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...
CVE-2024-7474
In lunary-ai/lunary v1.3.2, CVE-2024-7474 describes an Insecure Direct Object Reference (IDOR) vulnerability where an attacker can view or delete external users by tampering with the id parameter in the request URL. The issue stems from inadequate checks on id, enabling unauthorized access to ext...
Lunary 安全漏洞
Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary v1.3.2, which stems from the presence of an IDOR vulnerability that allows an authenticated user to update another user's prompt by manipulating the id parameter in the request...
PT-2024-9679 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.3.2 Description: The issue is related to an Insecure Direct Object Reference IDOR vulnerability, which allows unauthorized access to external user data by manipulating the id parameter in the request URL. This can...
Lunary 访问控制错误漏洞
lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from an insecure direct object reference IDOR vulnerability that can be exploited by an attacker to manipulate the id parameter in a request URL to view or delete an...
CVE-2024-9825
The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...
CVE-2024-9825
The CVE-2024-9825 entry concerns the Chef Habitat builder-api on-prem-builder package. It states that any version older than habitat/builder-api/10315/20240913162802 is vulnerable to an IDOR issue that allows unauthorized deletion of a personal token, with the vulnerability attributed to the buil...
CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token
The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...
CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token
The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...
CVE-2024-10439
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference IDOR vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10439
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference IDOR vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10439 Sunnet eHRD CTMS - Insecure Direct Object Reference
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference IDOR vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10439
The CVE-2024-10439 entry concerns the Sunnet eHRD CTMS system, where an Insecure Direct Object Reference (IDOR) vulnerability exists in a parameter that allows unauthenticated remote attackers to access arbitrary files uploaded by any user. Affected software: eHRD CTMS from Sunnet (no other produ...
CVE-2024-10439 Sunnet eHRD CTMS - Insecure Direct Object Reference
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference IDOR vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
WordPress WPSchoolPress plugin <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation vulnerability
Insecure Direct Object Reference to Authenticated Teacher+ Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.10...