Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2019-7890
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
6.5
CVSSv3
CVE-2020-8503
Biscom Secure File Transfer (SFT) 5.0.1050 up to and including 5.1.1067 and 6.0.1000 up to and including 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
Biscom Secure File Transfer
7.5
CVSSv3
CVE-2022-28986
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote malicious users to update sensitive records such as email, password and phone number of other user accounts.
Lmsdoctor 2 Factor Authentication 2021072900
1 Github repository
6.5
CVSSv3
CVE-2021-24318
The Listeo WordPress theme prior to 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.
Purethemes Listeo
3.7
CVSSv3
CVE-2023-38872
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated malicious user to access cash book entry attachments of any other user, if they know the Id of the attachment.
Economizzer Economizzer April 2023
Economizzer Economizzer 0.9
4.3
CVSSv3
CVE-2021-37213
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record.
Larvata Flygo
7.5
CVSSv3
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
Gilacms Gila Cms 2.2.0
4.9
CVSSv3
CVE-2019-7925
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.
Magento Magento
5.4
CVSSv3
CVE-2021-24473
The User Profile Picture WordPress plugin prior to 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
Cozmoslabs User Profile Picture
NA
CVE-2024-4538
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »