Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
357
VMScore
CVE-2020-27663
In GLPI prior to 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any itemType (e.g., Ticket, Users, etc.).
Glpi-project Glpi
445
VMScore
CVE-2020-20183
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and previous versions allows malicious users to gain privileges and access certain admin pages.
Zyxel P1302-t10 V3 Firmware 2.00
NA
CVE-2023-47022
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
Ncr Terminal Handler 1.5.1
356
VMScore
CVE-2022-31883
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
Marvalglobal Marval Msm 14.19.0.12476
NA
CVE-2022-34621
Mealie 1.0.0beta3 exists to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows malicious users to modify user passwords and other attributes via modification of the user_id parameter.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
605
VMScore
CVE-2020-8154
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an malicious user to remote wipe devices of other users when sending a malicious request directly to the endpoint.
Nextcloud Nextcloud Server
357
VMScore
CVE-2020-27662
In GLPI prior to 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Glpi-project Glpi
356
VMScore
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.
Orangehrm Orangehrm 4.10
570
VMScore
CVE-2021-42640
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated malicious user to reassign drivers for any printer.
Printerlogic Web Stack
Printerlogic Web Stack 19.1.1.13
NA
CVE-2023-37543
Cacti prior to 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
Cacti Cacti
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »