CVE-2023-7049 Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode

The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...

CVE-2023-7049

CVE-2023-7049 affects the Custom Field For WP Job Manager WordPress plugin. It enables insecure direct object access via the cm_fieldshow shortcode, due to missing validation of the job_id parameter. All versions up to 1.2 are affected. Exploitation requires authenticated access at contributor le...

CVE-2023-7049 Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode

The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...

WordPress Custom Field For WP Job Manager plugin <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Field For WP Job Manager versions = 1.2...

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bhojon restaurant management system v3.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference IDOR vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Masteriyo - LMS versions = 1.11.4...

Farmacia Gama 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : Farmacia Gama v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

Bhojon Restaurant Management System 2.8 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bhojon restaurant management system v2.9 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

AccPack Cop 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : AccPack Cop v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

AccPack Buzz 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : AccPack Buzz v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...

CVE-2024-6357

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence...

CVE-2024-6357

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence...

CVE-2024-6357

CVE-2024-6357 is an Insecure Direct Object Reference vulnerability in OpenText ArcSight Intelligence. Public records show CVSS v3.1 metrics with high impact (C/H/I/A all high) and network-based access with low attack complexity and no user interaction required. Some connected sources (e.g., PT-20...

CVE-2024-6357 Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence...

CVE-2024-6357 Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence...

OpenText ArcSight Intelligence 安全漏洞

OpenText ArcSight Intelligence is an advanced threat detection tool from OpenText Canada. A security vulnerability exists in OpenText ArcSight Intelligence that stems from the presence of an unsafe direct object reference vulnerability...

PT-2024-37562 · Opentext · Opentext Arcsight Intelligence

Name of the Vulnerable Software and Affected Versions: OpenText ArcSight Intelligence affected versions not specified Description: A security issue has been identified in OpenText ArcSight Intelligence, related to an Insecure Direct Object Reference. Recommendations: At the moment, there is no...

AccPack Khanepani 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : AccPack Khanepani v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...