4405 matches found
WordPress Spiffy Calendar plugin insecure direct object reference vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Spiffy Calendar plugin 4.9.0 and earlier versions are vulnerable to an insecure direct object...
CVE-2022-29434
Insecure Direct Object References IDOR vulnerability in Spiffy Plugins Spiffy Calendar = 4.9.0 at WordPress allows an attacker to edit or delete events...
GitLab 11.0 < 14.8.6 / 14.9 < 14.9.4 / 14.10 < 14.10.1 (CVE-2022-1352)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the...
CVE-2022-1425
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...
CVE-2022-1425
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...
Design/Logic Flaw
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...
CVE-2022-1425
The CVE concerns the WPQA Builder Plugin for WordPress (pre-5.2), used with the Discy and Himer plugins. The vulnerability arises because the wpqa_message_view AJAX action does not validate that the message_id belongs to the requesting user, enabling an IDOR disclosure where any authenticated use...
CVE-2022-27247
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer e.g., data of birth, full address, mail information, and phone number via GastKont Insecure Direct Object Reference...
CVE-2022-27247
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer e.g., data of birth, full address, mail information, and phone number via GastKont Insecure Direct Object Reference...
Design/Logic Flaw
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer e.g., data of birth, full address, mail information, and phone number via GastKont Insecure Direct Object Reference...
CVE-2022-27247
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer e.g., data of birth, full address, mail information, and phone number via GastKont Insecure Direct Object Reference...
GHSA-HH92-WG7V-8VFR Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...
SES IT und Web Solutions cdSoft Onlinetools-Smart Winhotel.MX 安全漏洞
SES IT und Web Solutions cdSoft Onlinetools-Smart Winhotel.MX 2021 is a hotel software from SES IT und Web Solutions, Germany. MX 2021 is a hotel software from SES IT und Web Solutions, Germany. cdSoft Onlinetools-Smart Winhotel.MX 2021 version contains a security vulnerability that originates in...
Bus Pass Management System Insecure Direct Object Reference Vulnerability
Bus Pass Management System is a bus pass management system. version 1.0 of Bus Pass Management System is vulnerable to an insecure direct object reference vulnerability that stems from the viewid parameter failing to check user permissions on all target object accesses. An attacker could exploit...
CVE-2022-1352
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...
CVE-2022-1352
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...
Design/Logic Flaw
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...
CVE-2022-1352
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...
CVE-2022-1352
Removed by vendor...