4405 matches found
Insecure Direct Object Reference in extension "Content Consent" (content_consent)
The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference IDOR vulnerability with the potential to expose internal content elemen...
CVE-2023-48225
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
CVE-2023-48641
Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...
CVE-2023-48641
Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...
CVE-2023-48641
Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...
Authorization
Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...
CVE-2023-48641
Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...
CVE-2023-48641
Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...
PT-2023-29751 · Floorsight · Floorsight Customer Portal Q3 2023
Name of the Vulnerable Software and Affected Versions: Floorsight Customer Portal Q3 2023 Description: An indirect Object Reference IDOR in the Order and Invoice pages allows an unauthenticated remote attacker to view sensitive customer information. Recommendations: As a temporary workaround,...
WP Photo Album Plus < 8.6.01.003 - Insecure Direct Object Reference
Description The WP Photo Album Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.5.02.005 due to missing validation on a user controlled key. This makes it possible for unauthenticated attacker to perform an unauthorized action bas...
CVE-2023-5808
CVE-2023-5808 affects Hitachi NAS SMU versions prior to 14.8.7825.01. It is an Insecure Direct Object Reference (IDOR) vulnerability that lets authenticated Storage/Server/Server+Storage Administrators download HNAS configuration backups and diagnostic data via URL manipulation, potentially expos...
PT-2023-7927 · Hitachi Vantara · Hitachi Vantara Hnas
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara HNAS versions prior to 14.8.7825.01 Description: The issue allows authenticated users to access sensitive information through Insecure Direct Object Reference IDOR. This can be achieved by manipulating URLs, enabling users in...
Hitachi Vantara HNAS Authorization Issues Vulnerability
Hitachi Vantara HNAS is an enterprise NAS from Hitachi, Japan, designed to provide a consolidated NAS solution for distributed enterprise and data center applications. An authorization issue vulnerability exists in Hitachi Vantara HNAS version 14.8.7825.01, which stems from an information...
PT-2023-31274 · Unknown · Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: DolphinScheduler versions prior to 3.1.0 Description: The issue allows authenticated users to delete UDF functions in the resource center without authorization, which is related to an unauthorized access vulnerability, also known as Insecure...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...
CVE-2023-6226
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...
Input validation
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...
CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...
CVE-2023-6226
CVE-2023-6226 affects the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate, versions ≤ 5.13.3. The issue is an Insecure Direct Object Reference (IDOR) in the su_meta shortcode caused by missing validation of user-controlled keys key and post_id. This allows authenticated users with con...
CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...