Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-36202
Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.
Doctor\\'s Appointment System Project Doctor\\'s Appointment System 1.0
1 Github repository
9.8
CVSSv3
CVE-2022-30495
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing malicious users to change the admin password(vertical privilege escalation)
Automotive Shop Management System Project Automotive Shop Management System 1.0
9.8
CVSSv3
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
9.4
CVSSv3
CVE-2019-6716
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote malicious user to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchroniz...
Logonbox Nervepoint Access Manager 1.2
Logonbox Nervepoint Access Manager 1.3
Logonbox Nervepoint Access Manager 1.4
2 Github repositories
9.1
CVSSv3
CVE-2022-36247
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.
Shopbeat Shop Beat Media Player
9.1
CVSSv3
CVE-2021-42640
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated malicious user to reassign drivers for any printer.
Printerlogic Web Stack
Printerlogic Web Stack 19.1.1.13
8.8
CVSSv3
CVE-2023-46449
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.
Mayurik Inventory Management System 1.0
1 Github repository
8.8
CVSSv3
CVE-2022-43492
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.
Gvectors Wpdiscuz 7.4.2
8.8
CVSSv3
CVE-2021-36906
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
Expresstech Quiz And Survey Master
8.8
CVSSv3
CVE-2022-31883
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
Marvalglobal Marval Msm 14.19.0.12476
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »