Vulmon
idor vulnerabilities and exploits
5.3
CVSSv3
CVE-2019-15582
An IDOR exists in GitLab Community Edition (CE) and Enterprise Edition (EE) versions < 12.3.2, < 12.2.6, and < 12.1.12 that allowed a maintainer to add any private group to a protected environment.
Gitlab Gitlab
8.1
CVSSv3
CVE-2022-25471
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated malicious user to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Open-emr Openemr 6.0.0
7.5
CVSSv3
CVE-2021-24562
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin prior to 4.21.2 was affected by an IDOR issue, allowing students to see other students' answers and grades.
Lifterlms Lifterlms
8.8
CVSSv3
CVE-2018-16608
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an Insecure Direct Object Reference (IDOR) at admin/index.php?id=users&action=edit&user_id=1.
Monstra Monstra 3.0.4
6.5
CVSSv3
CVE-2023-43900
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow malicious users to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters.
Emsigner Emsigner 2.8.7
7.5
CVSSv3
CVE-2023-38884
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote malicious user to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'.
Os4ed Opensis 9.0
4.3
CVSSv3
CVE-2021-35337
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0
7.5
CVSSv3
CVE-2019-15725
An issue exists in GitLab Community and Enterprise Edition 12.0 up to and including 12.2.1. An IDOR in the epic notes API could result in disclosure of private milestones, labels, and other information.
Gitlab Gitlab
7.1
CVSSv3
CVE-2022-22331
IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated malicious user to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130.
Ibm Partner Engagement Manager 6.2.0
7.5
CVSSv3
CVE-2019-20209
The CTHthemes CityBook prior to 2.3.4, TownHub prior to 1.0.6, and EasyBook prior to 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
Cththemes Citybook
Cththemes Easybook
Cththemes Townhub