Lucene search

4 matches found

Veracode
added 2025/01/09 4:33 a.m. · 4 views

Insecure Direct Object Reference (IDOR)

Khoj is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the improper implementation of access controls in the updatesubscription endpoint, where the system fails to enforce authorization checks to ensure that only the owner of a subscription can modify it, allowin...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.00115
Exploits: 0 · References: 4 · Affected Software: 1
Snyk
added 2024/12/30 4:12 p.m. · 1 views

Authorization Bypass Through User-Controlled Key

Overview: khoj is a Your Second Brain. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the updatesubscription endpoint. An authenticated attacker can modify other users' Stripe subscriptions by manipulating the email parameter in the...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00115
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/30 12:0 a.m. · 3 views

PT-2024-35160 · Khoj · Khoj

Name of the Vulnerable Software and Affected Versions: Khoj versions prior to 1.29.10. Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the update subscription endpoint, allowing any authenticated user to manipulate other users' Stripe subscriptions by...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.00115
Exploits: 0 · References: 9
ATTACKERKB
added 2022/04/29 12:7 p.m. · 1 views

CVE-2022-29414

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

CVSS: 5.8 · AI score: 5.7 · EPSS: 0.00098
Exploits: 0 · References: 3 · Affected Software: 1