4470 matches found
CVE-2025-40658
DM Corporative CMS is affected by an Insecure Direct Object Reference (IDOR) vulnerability. The flaw occurs in the endpoint /administer/selectionnode/framesSelection.asp where an attacker can set the option parameter to 0, 1, or 2 to access a private area. Impact details indicate exposure of sens...
PT-2025-24643 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...
DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/select node/data.asp that fails to proper...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file...
Dmacroweb DM Corporative CMS 安全漏洞
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file /administer/selectionnode/framesSelection.a...
PT-2025-24645 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24644 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24642 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
📄 Adapt CMS 3.0.3 Insecure Direct Object Reference / Incorrect Authorization
Adapt CMS version 3.0.3 suffers from an insecure direct object reference vulnerability that allows for privilege escalation. Exploit Title: IDOR "Change Password" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
CVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691
CVE-2025-4691 applies to the Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking for WordPress. The vulnerability is an Insecure Direct Object Reference that allows unauthenticated attackers to view details of any booking request via the view_request_details endpoint. Aff...
PT-2025-23399 · WordPress · Easync Booking
Name of the Vulnerable Software and Affected Versions: eaSYNC Booking plugin for WordPress versions prior to 1.3.22 Description: The issue allows unauthenticated attackers to view the details of any booking request due to missing validation on a user-controlled key, specifically via the 'view...
CVE-2024-47055
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
Insecure Direct Object Reference (IDOR)
mautic/core is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...
GHSA-VPH5-GHQ3-Q782 Mautic segment cloning doesn't have a proper permission check
Summary This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
Mautic segment cloning doesn't have a proper permission check
Summary This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
CVE-2024-47055 Segment cloning doesn't have a proper permission check
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...