SMA Solar Technology SUNNY TRIPOWER 安全漏洞

The SMA Solar Technology SUNNY TRIPOWER is a solar inverter from SMA Solar Technology, Germany. A security vulnerability exists in SMA Solar Technology SUNNY TRIPOWER 5.0, which stems from an insecure direct object reference that could lead to unauthorized user group access due to insecure cookie...

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

Design/Logic Flaw

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

CVE-2022-23061

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin although this cannot happen according to the documentation via Insecure Direct Object Reference IDOR vulnerability...

CVE-2022-1176

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96...

livehelperchat 安全漏洞

livehelperchat is a live support available for free on the website through Live Helper Chat. A security vulnerability exists in livehelperchat versions prior to 3.96 that stems from a loose comparison leading to IDOR on multiple endpoints. an attacker can bypass multiple checks to access other...

PT-2022-13692 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: LiveHelperChat versions prior to 3.96 Description: The issue is caused by a loose comparison, leading to an Insecure Direct Object Reference IDOR on multiple endpoints in the LiveHelperChat repository. LiveHelperChat is a live support system...

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

Design/Logic Flaw

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

CVE-2021-38362

CVE-2021-38362 affects RSA Archer 6.x up to 6.9 SP3 (6.9.3.0). An authenticated attacker can issue a GET to a vulnerable REST API endpoint, exploiting an Insecure Direct Object Reference (IDOR) to retrieve sensitive data. The cited sources describe the vulnerability and affected version range but...

OpenEMR 安全漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An insecure direct object reference vulnerability exists in OpenEMR versions prior...

RSA Archer 安全漏洞

RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all of our enterprise assets, as well as some of the monitored information, and organize it into a unified platform,...

Non-Privilege User Can View Patient’s Disclosures

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr-6.0.0/ /interface/patientfile/summary/recorddisclosure.php?editlid=X Method GET Parameter editlid Authentication Required? Yes Issue Summary Non-privilege users accounting, front office can view patient’s...

CVE-2021-43957

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

Accounting User Can Download Patient Reports in openemr

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr/interface/patientfile/report/customreport.php Affected Parameters “Issue7” Authentication Required? Yes Issue Summary Non-privilege users accounting & front-office can download patient reports containing...

OpenEMR <= 6.0.0 IDOR Vulnerability

OpenEMR is prone to an insecure direct object reference IDOR vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...