7 matches found
EUVD-2026-30269
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
CVE-2026-5798
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
EUVD-2021-14352
Malware in sbrugna...
CVE-2024-12812
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees...
CVE-2024-12812
CVE-2024-12812 affects the WP ERP plugin for WordPress (WooCommerce CRM & Accounting), specifically versions prior to 1.13.4. The issue is an IDOR that lets authenticated users manipulate parameters to access data of terminated employees. The root cause is improper access control around parameter...
PT-2025-21446 · WordPress · Wp Erp
Name of the Vulnerable Software and Affected Versions: The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin versions prior to 1.13.4 Description: The issue allows employees to manipulate parameters and access the data of terminated...
Larvata Flygo 安全漏洞
Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker, after authenticating as an ordinary user, to arbitrarily access employee data by manipulating the employee ID i...