4467 matches found

Source: CNNVD
Added: 2024/04/08 12:0 a.m. · 4 views

GNU Savane security vulnerability

GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...

CVSS 7.5 · AI score 7 · EPSS 0.00819
Exploits: 1 · References: 4

Source: Patchstack
Added: 2024/04/05 10:15 a.m. · 4 views

WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability

IDOR on Friend Request vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid versions <= 5.7.6...

CVSS 7.1 · AI score 7 · EPSS 0.00379
Exploits: 0 · Affected Software: 1

Source: Patchstack
Added: 2024/04/05 12:39 a.m. · 4 views

WordPress LearnPress plugin <= 4.2.6.3 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by drop in WordPress Plugin LearnPress versions <= 4.2.6.3...

CVSS 6.5 · AI score 7 · EPSS 0.00391
Exploits: 0 · References: 1 · Affected Software: 1

Source: Veracode
Added: 2024/04/04 7:3 a.m. · 20 views

Insecure Direct Object Reference (IDOR)

bagisto/bagisto is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient validation of the invoice ID parameter in the print function within OrderController.php. This flaw allows an attacker to retrieve sensitive information, resulting in Information...

CVSS 6.5 · AI score 6.5 · EPSS 0.00541
Exploits: 1 · References: 3 · Affected Software: 1

Source: WPVulnDB
Added: 2024/04/04 12:0 a.m. · 22 views

LearnPress < 4.2.6.4 - Insecure Direct Object Reference

Description: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated...

CVSS 6.5 · AI score 6.2 · EPSS 0.00391
Exploits: 0 · References: 1 · Affected Software: 1

Source: WPVulnDB
Added: 2024/04/04 12:0 a.m. · 16 views

Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference

Description: The Thumbs Rating plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.0 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action...

AI score 6.8 · EPSS 0.00436
Exploits: 0 · References: 1

Source: WPVulnDB
Added: 2024/04/04 12:0 a.m. · 34 views

Molongui < 4.7.8 - Authenticated (Author+) Insecure Direct Object Reference

Description: The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS 2.7 · AI score 6.7 · EPSS 0.00436
Exploits: 0 · References: 1 · Affected Software: 1

Source: WPVulnDB
Added: 2024/04/03 12:0 a.m. · 15 views

Whizzy <= 1.1.18 - Authenticated (Subscriber+) Insecure Direct Object Reference

Description: The Whizzy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.18 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

CVSS 6.5 · AI score 6.5 · EPSS 0.0036
Exploits: 0 · References: 1

Source: NVD
Added: 2024/03/29 3:15 p.m. · 14 views

CVE-2024-29024

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

CVSS 5.3 · AI score 4.6 · EPSS 0.00235
Exploits: 0 · References: 1

Source: OSV
Added: 2024/03/29 2:45 p.m. · 7 views

CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

CVSS 4.6 · AI score 6.8 · EPSS 0.00235
Exploits: 0 · References: 3

Source: Cvelist
Added: 2024/03/29 2:45 p.m. · 23 views

CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

CVSS 4.6 · AI score 5 · EPSS 0.00235
Exploits: 0 · References: 1

Source: Vulnrichment
Added: 2024/03/29 2:45 p.m. · 20 views

CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

CVSS 4.6 · AI score 6.7 · EPSS 0.00235
Exploits: 0 · References: 1

Source: Veracode
Added: 2024/03/29 11:27 a.m. · 29 views

Insecure Direct Object Reference (IDOR)

pimcore/pimcore is vulnerable to Insecure Direct Object Reference (IDOR). This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...

CVSS 6.5 · AI score 6.5 · EPSS 0.00713
Exploits: 2 · References: 2 · Affected Software: 1

Source: Positive Technologies
Added: 2024/03/29 12:0 a.m. · 6 views

PT-2024-22678 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.6
Description: The issue allows an authenticated user to exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files,...

CVSS 5.3 · AI score 7.1 · EPSS 0.00235
Exploits: 0 · References: 5

Source: OSV
Added: 2024/03/13 9:31 p.m. · 15 views

GHSA-PMC7-HMMW-G96Q Bagisto vulnerable to Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter...

CVSS 6.5 · AI score 6.1 · EPSS 0.00541
Exploits: 1 · References: 5

Source: Github Security Blog
Added: 2024/03/13 9:31 p.m. · 22 views

Bagisto vulnerable to Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter...

CVSS 6.5 · AI score 6.5 · EPSS 0.00541
Exploits: 1 · References: 5 · Affected Software: 1

Source: ATTACKERKB
Added: 2024/03/13 9:15 p.m. · 3 views

CVE-2023-36238

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...

CVSS 6.5 · AI score 6.6 · EPSS 0.00541
Exploits: 1 · References: 2

Source: OSV
Added: 2024/03/13 9:15 p.m. · 10 views

CVE-2023-36238

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...

CVSS 6.5 · AI score 6.2
Exploits: 0 · References: 1

Source: NVD
Added: 2024/03/13 4:15 p.m. · 23 views

CVE-2024-0839

The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive...

CVSS 5.3 · AI score 5.1 · EPSS 0.00621
Exploits: 0 · References: 3

Source: OSV
Added: 2024/03/13 4:15 p.m. · 4 views

CVE-2024-0839

The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive...

CVSS 5.3 · AI score 5.8 · EPSS 0.00621
Exploits: 0 · References: 2