4460 matches found
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
Design/Logic Flaw
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
CVE-2023-0550 Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
CVE-2023-0550
The CVE-2023-0550 entry concerns the Quick Restaurant Menu WordPress plugin (versions
PT-2023-16355 · WordPress · Quick Restaurant Menu
Name of the Vulnerable Software and Affected Versions: Quick Restaurant Menu plugin for WordPress versions up to, and including, 2.0.2 Description: The issue arises from Insecure Direct Object Reference, where the plugin fails to verify the post ID provided to the AJAX action during menu item...
WordPress plugin Quick Restaurant Menu security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
LISTSERV 17 Insecure Direct Object Reference Vulnerability
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-40319 Steps to replicate 1. Create two accounts on your LISTSERV 17 installation, logging into each one in ...
CVE-2022-40319
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object Reference (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...
L-Soft LISTSERV security vulnerability
L-Soft LISTSERV is a suite of e-mail list management software from L-Soft. A security vulnerability exists in L-Soft LISTSERV version 17. An attacker could exploit the vulnerability to conduct an insecure direct object reference (IDOR) attack via a modified email address in the wa.exe URL...
LISTSERV 17 Insecure Direct Object Reference
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-40319 Steps to replicate 1. Create two accounts on your LISTSERV 17 installation, logging into each one in ...
Dcastalia CMS 1.2 Insecure Direct Object Reference
Title: Dcastalia CMS v1.2 Unauthorized administrative access Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
CVE-2022-4340
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query...
CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query...
PT-2023-14197 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.31 Description: The issue allows any visitor to display information about any booking by manipulating the appointment id query parameter in the thank you page, potentially exposing full name...
memos authorization issue vulnerability
memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions prior to memos 0.9.1, which can be exploited by an attacker to view, update, and delete shortcuts of other users using IDOR...
memos authorization issue vulnerability
memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions of memos prior to 0.9.1, which can be exploited by an attacker to reset any user's API via IDOR...
memos access control error vulnerability
memos is an open source hosted memo center with knowledge management and social features. An Access Control Error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to obtain all files in any user's resources and delete any file of any user via IDOR...
memos access control error vulnerability
memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to IDOR other public and private memos...