Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-21022
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
8.8
CVSSv3
CVE-2023-46449
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.
Mayurik Inventory Management System 1.0
1 Github repository
5.3
CVSSv3
CVE-2019-15581
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
Gitlab Gitlab
5.3
CVSSv3
CVE-2019-7864
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
5.4
CVSSv3
CVE-2021-37212
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content.
Larvata Flygo
6.5
CVSSv3
CVE-2021-38362
In RSA Archer 6.x up to and including 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
Rsa Archer
7.5
CVSSv3
CVE-2022-28986
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote malicious users to update sensitive records such as email, password and phone number of other user accounts.
Lmsdoctor 2 Factor Authentication 2021072900
1 Github repository
7.3
CVSSv3
CVE-2019-7890
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
5.5
CVSSv3
CVE-2023-4587
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local malicious user to obtain registered user backup files or device configuration files over a local network or through a VPN server.
Zkteco Zem800 Firmware 6.60
6.5
CVSSv3
CVE-2020-8503
Biscom Secure File Transfer (SFT) 5.0.1050 up to and including 5.1.1067 and 6.0.1000 up to and including 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
Biscom Secure File Transfer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »