4 matches found
CVE-2024-7474
In lunary-ai/lunary v1.3.2, CVE-2024-7474 describes an Insecure Direct Object Reference (IDOR) vulnerability where an attacker can view or delete external users by tampering with the id parameter in the request URL. The issue stems from inadequate checks on id, enabling unauthorized access to ext...
Design/Logic Flaw
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...
CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...
CVE-2018-16608
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&userid=1, Insecure Direct Object Reference IDOR...