OpenEMR <= 6.0.0 IDOR Vulnerability

OpenEMR is prone to an insecure direct object reference IDOR vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-25471

An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...

CVE-2022-25471

An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...

OpenEMR 安全漏洞

OpenEMR is an open source medical management system from the OpenEMR Openemr community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. OpenEMR suffers from a security vulnerability that stems from an insecure...

CVE-2022-0732

CVE-2022-0732 describes an insecure direct object reference (IDOR) in the backend infrastructure shared by multiple mobile device monitoring services, causing inadequate authentication/authorization of API requests. Connected sources tie this vulnerability to stalkerware families (e.g., 1Byte, Co...

TheSpyApp 访问控制错误漏洞

TheSpyApp is the next generation of smartphone monitoring software. TheSpyApp suffers from a security vulnerability that stems from an IDOR Insecure Direct Object Reference vulnerability that arises from a backend infrastructure shared by multiple mobile device monitoring services that does not...

PT-2022-13397 · 1Byte · Copy9 +8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an Insecure Direct Object...

CVE-2022-0731

Improper Access Control IDOR in GitHub repository dolibarr/dolibarr prior to 16.0...

Dolibarr 访问控制错误漏洞

Dolibarr is a software application. A modern software package that helps manage your organization's activities. A security vulnerability exists in dolibarr that stems from incorrect access control IDOR...

CVE-2022-0732

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...

GHSA-C5GJ-W4HX-GVMX Business Logic Errors in microweber

Microweber prior to 1.2.11 can suffer from insecure direct object references. A malicious actor can remove items from a victim's cart...

Business Logic Errors in microweber

Microweber prior to 1.2.11 can suffer from insecure direct object references. A malicious actor can remove items from a victim's cart...

CVE-2022-24979

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes ESI content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference IDOR,...

CVE-2022-24979

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes ESI content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference IDOR,...

CVE-2022-25336

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...

CVE-2022-25336

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...

Design/Logic Flaw

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...

CVE-2022-25336

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...

CVE-2022-25336

CVE-2022-25336 affects Ibexa DXP Ezpublish-kernel: versions 7.5.x before 7.5.26 and 1.3.x before 1.3.12. The issue is an Insecure Direct Object Reference (IDOR) against image files because the image path and filename can be inferred, enabling access to potentially sensitive images. Connected sour...

PT-2022-17219 · Ibexa +1 · Ibexa Dxp +1

Name of the Vulnerable Software and Affected Versions: Ibexa DXP ezsystems/ezpublish-kernel versions 7.5.x through 7.5.25 Ibexa DXP ezsystems/ezpublish-kernel versions 1.3.x through 1.3.11 Description: The issue allows Insecure Direct Object Reference IDOR attacks against image files because the...