Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-8297
Nextcloud Deck prior to 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.
Nextcloud Deck
NA
CVE-2022-43326
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows malicious users to arbitrarily change user and Administrator account passwords.
Telosalliance Omnia Mpx Node Firmware
356
VMScore
CVE-2017-16631
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
Sapphireims Sapphireims 4097 1
NA
CVE-2024-28320
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows malicious users to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php.
NA
CVE-2022-40205
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
Gvectors Wpforo Forum
NA
CVE-2022-40206
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
Gvectors Wpforo Forum
490
VMScore
CVE-2022-25471
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated malicious user to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Open-emr Openemr 6.0.0
445
VMScore
CVE-2019-15582
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
Gitlab Gitlab
445
VMScore
CVE-2021-24562
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin prior to 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades
Lifterlms Lifterlms
356
VMScore
CVE-2018-16608
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).
Monstra Monstra 3.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »