4405 matches found

NVD
added 2022/08/19 2:15 p.m. · 11 views

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

CVSS 6.5 · EPSS 0.00388
Exploits: 0 · References: 5

ATTACKERKB
added 2022/08/19 2:15 p.m. · 2 views

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

CVSS 6.5 · AI score 5.9 · EPSS 0.00388
Exploits: 0 · References: 6

CVE
added 2022/08/19 1:21 p.m. · 61 views

CVE-2022-34621

Mealie 1.0.0beta3 is affected by an Insecure Direct Object Reference (IDOR) vulnerability triggered via modification of the user_id parameter, enabling attackers to modify user passwords and other attributes. The root cause is an IDOR flaw that exposes unauthorized access to user data. Public dis...

CVSS 6.5 · AI score 6.5 · EPSS 0.00388
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2022/08/19 12:00 a.m. · 4 views

PT-2022-22250 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows attackers to modify user passwords and other attributes via modification of the user id parameter. This is due to an Insecure Direct Object Reference IDOR vulnerability. Recommendations:...

CVSS 9.8 · AI score 5.6 · EPSS 0.0064
Exploits: 0 · References: 8

Positive Technologies
added 2022/08/09 12:00 a.m. · 1 views

PT-2022-6404 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier Description: The issue is related to insufficient input validation, allowing a remote attacker to potentially...

CVSS 9 · AI score 8.4 · EPSS 0.00183
Exploits: 0 · References: 11

UbuntuCve
added 2022/08/05 4:15 p.m. · 30 views

CVE-2022-2499

An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited b...

CVSS 4.3 · AI score 5.7 · EPSS 0.00169
Exploits: 0 · References: 1

CVE
added 2022/08/05 3:09 p.m. · 115 views

CVE-2022-2499

GitLab EE Jira integration contains an insecure direct object reference vulnerability that may allow an attacker to leak Jira issues. Affected GitLab EE versions: 13.10–15.0.4, 15.1–15.1.3, and 15.2–15.2.0. Root cause is an insecure direct object reference in the Jira integration. Remediation by ...

CVSS 4.3 · AI score 4.4 · EPSS 0.00169
Exploits: 0 · References: 3 · Affected Software: 1

Debian CVE
added 2022/08/05 3:09 p.m. · 40 views

CVE-2022-2499

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00169
Exploits: 0

CNNVD
added 2022/08/05 12:00 a.m. · 3 views

WordPress plugin ActiveDEMAND authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An authorization issue vulnerabilit...

CVSS 6.5 · AI score 5.8 · EPSS 0.00163
Exploits: 0 · References: 4

Positive Technologies
added 2022/08/05 12:00 a.m. · 2 views

PT-2022-17035 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.10 through 15.0.4 GitLab EE versions 15.1 through 15.1.3 GitLab EE versions 15.2 through 15.2.0 Description: An issue has been discovered in GitLab EE's Jira integration, which has an insecure direct object reference...

CVSS 4.3 · AI score 4.1 · EPSS 0.00169
Exploits: 0 · References: 11

CNNVD
added 2022/08/05 12:00 a.m. · 19 views

Michlol Solutions rashim web interface operating system command injection vulnerability

Michlol Solutions rashim web interface is a web interface from Michlol Solutions. An operating system command injection vulnerability exists in the Michlol Solutions rashim web interface prior to version 187.4392, which stems from an insecure direct object reference IDOR in the web interface that...

CVSS 6.3 · AI score 5.9 · EPSS 0.00183
Exploits: 0 · References: 3

Positive Technologies
added 2022/08/05 12:00 a.m. · 3 views

PT-2022-22319 · Unknown · Michlol - Rashim Web Interface

Name of the Vulnerable Software and Affected Versions: Michlol - rashim web interface affected versions not specified Description: The issue is related to Insecure Direct Object References IDOR in the Michlol - rashim web interface. An attacker needs to login to the system first. After logging in...

CVSS 6.3 · AI score 6.8 · EPSS 0.00183
Exploits: 0 · References: 4

Tenable Nessus
added 2022/08/04 12:00 a.m. · 43 views

GitLab 13.10 < 15.0.5 / 15.1 < 15.1.4 / 15.2 < 15.2.1 (CVE-2022-2499)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab...

CVSS 4.3 · AI score 5.2 · EPSS 0.00169
Exploits: 0 · References: 4

ATTACKERKB
added 2022/08/03 2:40 p.m. · 3 views

CVE-2022-34769

Michlol - rashim web interface Insecure direct object references IDOR. First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goa...

CVSS 6.3 · AI score 5.9 · EPSS 0.00183
Exploits: 0 · References: 3 · Affected Software: 1

Rapid7 Blog
added 2022/08/02 3:00 p.m. · 55 views

Primary Arms PII Disclosure via IDOR (FIXED)

Update August 2, 2022: This issue was resolved by Primary Arms the same day Rapid7 published this report, and the IDOR vulnerability appears to be no longer exploitable. The Primary Arms website, a popular e-commerce site dealing in firearms and firearms-related merchandise, suffers from an...

CVSS 5 · AI score 5.8 · EPSS 0.00273
Exploits: 1

Huntr
added 2022/07/21 4:20 p.m. · 19 views

Non-Privilege user can view Patient's Amendments

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version Open-Source electronic health records and medical practice management application has Insecure direct object reference IDOR to function “Patient’s Amendments”, and it never bee...

CVSS 4 · AI score 0.2 · EPSS 0.00185
Exploits: 1

NVD
added 2022/07/20 4:15 p.m. · 21 views

CVE-2022-34150

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...

CVSS 7.1 · EPSS 0.00182
Exploits: 0 · References: 1

Prion
added 2022/07/20 4:15 p.m. · 25 views

Design/Logic Flaw

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...

CVSS 5.5 · AI score 6.6 · EPSS 0.00182
Exploits: 0 · References: 1

Vulnrichment
added 2022/07/20 3:24 p.m. · 6 views

CVE-2022-33944 ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs...

CVSS 6.5 · AI score 7 · EPSS 0.00191
Exploits: 0 · References: 1

CVE
added 2022/07/20 3:24 p.m. · 76 views

CVE-2022-34150

CVE-2022-34150 affects the MiCODUS MV720 GPS tracker Web server and is an authenticated insecure direct object reference vulnerability on endpoints/parameters for device IDs, enabling an attacker with basic access to manipulate device IDs without further verification (authorization bypass). Publi...

CVSS 7.1 · AI score 6.4 · EPSS 0.00182
Exploits: 0 · References: 1 · Affected Software: 1