Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-3380
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows malicious users to disclose sensitive information via the Print Invoice Functionality.
Height8tech H8 Ssrms -
4
CVSSv2
CVE-2022-29434
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an malicious user to edit or delete events.
Spiffyplugins Spiffy Calendar
NA
CVE-2023-24625
Faveo 5.0.1 allows remote malicious users to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
Ladybirdweb Faveo Servicedesk 5.0.1
NA
CVE-2022-34138
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows malicious users to access sensitive information.
Biltema Baby Camera Firmware 124
Biltema Ip Camera Firmware 124
4
CVSSv2
CVE-2022-29627
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows malicious users to modify products that are owned by other sellers.
Online Market Place Site Project Online Market Place Site 1.0
2.7
CVSSv2
CVE-2020-13462
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
Tufin Securetrack
NA
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated malicious users to access sensitive information via a crafted cookie.
Grandingteco Utime Master 9.0.7
4
CVSSv2
CVE-2022-29008
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows malicious users to access sensitive information.
Phpgurukul Bus Pass Management System 1.0
1 Github repository
NA
CVE-2023-42334
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote malicious user to escalate privileges via the user parameter.
Fl3xx Crew 2.10.37
Fl3xx Dispatch 2.10.37
7.5
CVSSv2
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »