CVE-2022-24187

CVE-2022-24187 affects Ourphoto App 1.4.1, specifically the /device/* endpoints. The root cause is insecure direct object references in which end-user identifiers (user_id and device_id) can be enumerated by incrementing/decrementing IDs, allowing attackers to discover other users’ email addresse...

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

PT-2022-16527 · Unknown · Ourphoto App

Name of the Vulnerable Software and Affected Versions: Ourphoto App version 1.4.1 Description: The issue affects the /device/ end-points, where the user id and device id values suffer from insecure direct object reference vulnerabilities. An attacker can enumerate other end-users' user id and...

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

CVE-2022-43492

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

WordPress plugin wpDiscuz 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

GHSA-G6X4-57HP-J4XM Authorization Bypass in Liferay Portal

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

grafana: IDOR vulnerability can lead to information disclosure

An Insecure Direct Object Reference IDOR vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

CVE-2022-42129

CVE-2022-42129 describes an insecure direct object reference (IDOR) in the Dynamic Data Mapping module of Liferay Portal 7.3.2–7.4.3.4 and Liferay DXP 7.3 before update 4, 7.4 GA . The vulnerability allows remote authenticated users to view/access form entries via the formInstanceRecordId paramet...

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVE-2022-40206

Insecure direct object references IDOR vulnerability in the wpForo Forum plugin = 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public...

CVE-2022-39945

An improper access control vulnerability CWE-284 in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references...

WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities

Multiple Insecure direct object references IDOR vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.6. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.7...

CVE-2022-36966

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...

CVE-2022-36966

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...

CVE-2022-36966 Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...