Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2023/05/02 7:4 a.m.5 views

CVE-2023-1125 Ruby Help Desk < 1.3.4 - Subscriber+ Ticket Update via IDOR

The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...

6.5AI score0.00559EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/05/02 7:4 a.m.20 views

CVE-2023-1125 Ruby Help Desk < 1.3.4 - Subscriber+ Ticket Update via IDOR

The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...

6.7AI score0.00559EPSS
Exploits1References1
CVE
CVE
added 2023/05/02 7:4 a.m.83 views

CVE-2023-1125

The CVE-2023-1125 entry concerns the Ruby Help Desk WordPress plugin (versions prior to 1.3.4). The vulnerability is an insecure direct object reference (IDOR) that fails to validate ticket ownership, enabling a subscriber to close tickets or attach files/replies to tickets that do not belong to ...

6.5CVSS6.8AI score0.00559EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2023/04/17 12:0 a.m.12 views

WordPress Ruby Help Desk Plugin < 1.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Ruby Help Desk Type Plugin Vulnerable versions 1.3.4 Fixed in 1.3.4 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-1125 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4bb70b90c759 Credits Ameen Alkurdy...

6.5CVSS6.8AI score0.00559EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder