Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-50342
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.
Hcltech Dryice Myxalytics 6.1
Hcltech Dryice Myxalytics 5.9
Hcltech Dryice Myxalytics 6.0
NA
CVE-2024-4537
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.
6.5
CVSSv3
CVE-2022-23061
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.
Shopizer Shopizer
6.5
CVSSv3
CVE-2017-16631
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
Sapphireims Sapphireims 4097 1
7.5
CVSSv3
CVE-2022-43326
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows malicious users to arbitrarily change user and Administrator account passwords.
Telosalliance Omnia Mpx Node Firmware
4.3
CVSSv3
CVE-2022-40205
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
Gvectors Wpforo Forum
4.3
CVSSv3
CVE-2022-40206
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
Gvectors Wpforo Forum
4.3
CVSSv3
CVE-2020-8297
Nextcloud Deck prior to 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.
Nextcloud Deck
NA
CVE-2024-28320
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows malicious users to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php.
8.1
CVSSv3
CVE-2022-25471
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated malicious user to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Open-emr Openemr 6.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »