CVE-2023-2173

The CVE-2023-2173 issue affects the BadgeOS WordPress plugin, specifically versions up to and including 3.7.1.6. The root cause is improper validation and authorization in several AJAX handlers (badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_a...

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

CVE-2023-2172

CVE-2023-2172 affects the BadgeOS WordPress plugin up to version 3.7.1.6. The issue arises from improper validation and authorization in four AJAX handlers (badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, badgeos_update_ranks_r...

Authorization Bypass

github.com/gravitl/netmaker is vulnerable to authorization bypass. The vulnerability exists due to an Insecure Direct Object Reference, which allows an attacker to update a password of another user...

PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference

==================================================================================================================================== | Title : iBilling CRM v4.5.0 Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

Gravitl Netmaker 安全漏洞

Gravitl Netmaker is a platform for creating and managing fast, secure and dynamic virtual overlay networks using WireGuard from Gravitl USA. For creating and controlling automated virtual networks. A security vulnerability exists in Gravitl Netmaker versions prior to 0.18.6 that stems from the...

FlightPath LMS 5.0-rc2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v5.0-rc2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

Foodiee CMS 1.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : Foodiee CMS v1.0.1 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

FlightPath LMS 4.8.2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Ecommerce Responsive 1.2 Insecure Direct Object Reference

==================================================================================================================================== | Title : Ecommerce Responsive v1.2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

SUSE CVE-2023-37543

Cacti before 1.2.6 allows IDOR Insecure Direct Object Reference for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a different vulnerability than CVE-2019-16723...

helloGTX Travel Portal CRM 1.6 Insecure Direct Object Reference

==================================================================================================================================== | Title : helloGTX Travel Portal CRM v1.6 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser ...

i2soft CMS 2.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : i2soft CMS v2.0 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

DEBIAN-CVE-2023-37543

Cacti before 1.2.6 allows IDOR Insecure Direct Object Reference for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a different vulnerability than CVE-2019-16723...

CVE-2023-37543

Cacti before 1.2.6 allows IDOR Insecure Direct Object Reference for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a different vulnerability than CVE-2019-16723...

UBUNTU-CVE-2023-37543

Cacti before 1.2.6 allows IDOR Insecure Direct Object Reference for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a different vulnerability than CVE-2019-16723...

CVE-2023-37543

CVE-2023-37543 affects Cacti prior to 1.2.6, enabling insecure direct object reference (IDOR) by modifying local_graph_id in graph_xport.php. Root cause: IDOR in graph access. Impact: access to any graph; CVSS base score 7.5 (HIGH) per NVD. Remediation: upgrade to 1.2.6 or newer; no exploitation ...