Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-35337
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0
7.1
CVSSv3
CVE-2022-22331
IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated malicious user to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130.
Ibm Partner Engagement Manager 6.2.0
6.5
CVSSv3
CVE-2023-43900
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow malicious users to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters.
Emsigner Emsigner 2.8.7
7.5
CVSSv3
CVE-2023-38884
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote malicious user to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'
Os4ed Opensis 9.0
7.5
CVSSv3
CVE-2019-15725
An issue exists in GitLab Community and Enterprise Edition 12.0 up to and including 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.
Gitlab Gitlab
7.5
CVSSv3
CVE-2019-7854
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unauthorized disclosure of company credit history details.
Magento Magento
8.8
CVSSv3
CVE-2017-16630
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
Sapphireims Sapphireims 4097 1
5.3
CVSSv3
CVE-2020-29446
Affected versions of Atlassian Fisheye & Crucible allow remote malicious users to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
Atlassian Crucible
Atlassian Fisheye
NA
CVE-2024-28087
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.
7.5
CVSSv3
CVE-2021-42641
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated malicious user to disclose the username and email address of all users.
Printerlogic Web Stack 19.1.1.13
Printerlogic Web Stack
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »