Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4886
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
668
VMScore
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
NA
CVE-2023-42334
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote malicious user to escalate privileges via the user parameter.
Fl3xx Crew 2.10.37
Fl3xx Dispatch 2.10.37
NA
CVE-2021-36865
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows malicious users to change the content of the quiz.
Quizandsurveymaster Quiz And Survey Master
NA
CVE-2022-36202
Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.
Doctor\\'s Appointment System Project Doctor\\'s Appointment System 1.0
1 Github repository
NA
CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Solarwinds Orion Platform 2020.2.6
Solarwinds Orion Platform
Solarwinds Orion Platform 2022.2
Solarwinds Orion Platform 2022.3
445
VMScore
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
1byte Copy9 -
1byte Fonetracker -
1byte Ispyoo -
1byte Guestspy -
1byte Thespyapp -
1byte Secondclone -
1byte The Truth Spy -
1byte Mxspy -
1byte Exactspy -
NA
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability
Octopus Octopus Server
NA
CVE-2023-45893
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote malicious user to view sensitive customer information.
Floorsightsoftware Customer Portal
NA
CVE-2024-27630
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote malicious user to delete arbitrary files via crafted input to the trackers_data_delete_file function.
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »