3 matches found
CVE-2025-34293
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
CVE-2025-34293 GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
PT-2025-43674
Name of the Vulnerable Software and Affected Versions GN4 Publishing System versions prior to 2.6 Description GN4 Publishing System contains an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API’s object endpoints allow an authenticated user to...