Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-3930
The Directorist WordPress plugin prior to 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
Wpwax Directorist
6.5
CVSSv3
CVE-2023-33706
SysAid prior to 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
Sysaid Sysaid
NA
CVE-2024-32166
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing malicious users to buy now an auction that is suspended (horizontal privilege escalation).
4.3
CVSSv3
CVE-2020-27663
In GLPI prior to 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any itemType (e.g., Ticket, Users, etc.).
Glpi-project Glpi
NA
CVE-2024-4750
The buddyboss-platform WordPress plugin prior to 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request
9.8
CVSSv3
CVE-2022-30495
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing malicious users to change the admin password(vertical privilege escalation)
Automotive Shop Management System Project Automotive Shop Management System 1.0
6.5
CVSSv3
CVE-2022-34621
Mealie 1.0.0beta3 exists to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows malicious users to modify user passwords and other attributes via modification of the user_id parameter.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
9.1
CVSSv3
CVE-2021-42640
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated malicious user to reassign drivers for any printer.
Printerlogic Web Stack
Printerlogic Web Stack 19.1.1.13
4.3
CVSSv3
CVE-2020-27662
In GLPI prior to 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Glpi-project Glpi
8.8
CVSSv3
CVE-2022-31883
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
Marvalglobal Marval Msm 14.19.0.12476
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »