Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45893
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote malicious user to view sensitive customer information.
Floorsightsoftware Customer Portal
7.5
CVSSv2
CVE-2022-30495
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing malicious users to change the admin password(vertical privilege escalation)
Automotive Shop Management System Project Automotive Shop Management System 1.0
4
CVSSv2
CVE-2020-27663
In GLPI prior to 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any itemType (e.g., Ticket, Users, etc.).
Glpi-project Glpi
NA
CVE-2022-34621
Mealie 1.0.0beta3 exists to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows malicious users to modify user passwords and other attributes via modification of the user_id parameter.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
6.4
CVSSv2
CVE-2021-42640
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated malicious user to reassign drivers for any printer.
Printerlogic Web Stack
Printerlogic Web Stack 19.1.1.13
NA
CVE-2023-50342
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.
Hcltech Dryice Myxalytics 6.1
Hcltech Dryice Myxalytics 5.9
Hcltech Dryice Myxalytics 6.0
5.5
CVSSv2
CVE-2022-23061
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.
Shopizer Shopizer
NA
CVE-2024-4537
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.
4
CVSSv2
CVE-2022-31883
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
Marvalglobal Marval Msm 14.19.0.12476
4
CVSSv2
CVE-2020-27662
In GLPI prior to 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Glpi-project Glpi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »