CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...

CVE-2020-6859

The CVE-2020-6859 entry corresponds to multiple Insecure Direct Object Reference (IDOR) vulnerabilities in the WordPress Ultimate Member plugin (affected until version 2.1.2) in includes/core/class-files.php. The underlying issue allows remote attackers to modify other users’ profiles and cover p...

CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...

Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability

A vulnerability in the Operations, Administration, Maintenance and Provisioning OAMP OpsConsole Server for Cisco Unified Customer Voice Portal CVP could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The...

GitLab EE Insecure Direct Object Reference Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is GitLab Enterprise Edition. GitLab EE 11.3 - 12.5 suffers from an insecure direct object...

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

Design/Logic Flaw

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

CVE-2019-19259

CVE-2019-19259 refers to a vulnerability in GitLab Enterprise Edition (EE) 11.3 and later through 12.5 that allows an Insecure Direct Object Reference (IDOR), leading to potential information disclosure. The issue affects the application’s handling of object references and is categorized with a C...

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

Starbucks: Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victims Starbucks card

nnez discovered that a hacker could transfer funds from one Starbucks card to another by inspecting the form with Google Chrome DevTools and then change the forms "CardNumber" value to a victim's valid Starbucks card number. If the value entered for the "FullAmount" form field did not exceed the...

GitLab Insecure Direct Object Reference Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An insecure direct object reference vulnerability exists in GitLab versions prior to 12.1.2, 12.0.4...

The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV allows a malicious individual to gain unauthorized access to arbitrary reports.

The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV is related to the insecure direct object reference IDOR. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to arbitrar...

CVE-2019-19616

An Insecure Direct Object Reference IDOR vulnerability in the Xtivia Web Time and Expense WebTE interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment...

Design/Logic Flaw

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

eyecomms eyeCMS Insecure Direct Object Reference (IDOR) Vulnerability

eyecomms eyeCMS is a content management system CMS from eyecomms Oman. A security vulnerability exists in eyecomms eyeCMS 2019-10-15 and earlier versions. An attacker can exploit the vulnerability by modifying the 'id' parameter to modify personal information name, email, phone, resume and other...

CVE-2019-17604

An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...