Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability
Octopus Octopus Server
5
CVSSv2
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
1byte Copy9 -
1byte Fonetracker -
1byte Ispyoo -
1byte Guestspy -
1byte Thespyapp -
1byte Secondclone -
1byte The Truth Spy -
1byte Mxspy -
1byte Exactspy -
NA
CVE-2023-33706
SysAid prior to 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
Sysaid Sysaid
NA
CVE-2022-3930
The Directorist WordPress plugin prior to 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
Wpwax Directorist
NA
CVE-2023-45893
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote malicious user to view sensitive customer information.
Floorsightsoftware Customer Portal
NA
CVE-2024-27630
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote malicious user to delete arbitrary files via crafted input to the trackers_data_delete_file function.
1 Github repository
NA
CVE-2024-32166
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing malicious users to buy now an auction that is suspended (horizontal privilege escalation).
NA
CVE-2024-4750
The buddyboss-platform WordPress plugin prior to 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request
7.5
CVSSv2
CVE-2022-30495
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing malicious users to change the admin password(vertical privilege escalation)
Automotive Shop Management System Project Automotive Shop Management System 1.0
4
CVSSv2
CVE-2020-27663
In GLPI prior to 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any itemType (e.g., Ticket, Users, etc.).
Glpi-project Glpi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »