Vulmon
insecure direct object reference vulnerabilities and exploits
8.6
CVSSv3
CVE-2020-15958
An issue exists in 1CRM System up to and including 8.6.7. An insecure direct object reference to internally stored files allows a remote malicious user to access various sensitive information via an unauthenticated request with a predictable URL.
1crm 1crm
7.5
CVSSv3
CVE-2021-46378
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.
Dlink Dir-850l Firmware 1.08trb03
6.5
CVSSv3
CVE-2021-40352
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
Open-emr Openemr 6.0.0
4 Github repositories
7.5
CVSSv3
CVE-2022-40319
The LISTSERV 17 web interface allows remote malicious users to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
Lsoft Listserv 17.0
NA
CVE-2014-8487
Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and previous versions allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/d...
Kony Enterprise Mobile Management
4.3
CVSSv3
CVE-2018-16970
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
Wisetail Learning Management System
4.3
CVSSv3
CVE-2018-16971
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
Wisetail Learning Management System
8.1
CVSSv3
CVE-2021-46416
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.
Sma Sunny Tripower Firmware 3.10.16.r
8.8
CVSSv3
CVE-2023-3105
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
Learndash Learndash
6.5
CVSSv3
CVE-2021-34369
portlets/contact/ref/refContactDetail.do in Accela Civic Platform up to and including 20.1 allows remote malicious users to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an...
Accela Civic Platform