Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-24625
Faveo 5.0.1 allows remote malicious users to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
Ladybirdweb Faveo Servicedesk 5.0.1
8.8
CVSSv3
CVE-2020-7948
An issue exists in the Login by Auth0 plugin prior to 4.0.0 for WordPress. A user can perform an insecure direct object reference.
Auth0 Login By Auth0
5.7
CVSSv3
CVE-2020-13462
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
Tufin Securetrack
4.3
CVSSv3
CVE-2022-29627
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows malicious users to modify products that are owned by other sellers.
Online Market Place Site Project Online Market Place Site 1.0
6.5
CVSSv3
CVE-2022-29008
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows malicious users to access sensitive information.
Phpgurukul Bus Pass Management System 1.0
1 Github repository
9.8
CVSSv3
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
9.8
CVSSv3
CVE-2019-12866
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
Jetbrains Youtrack
4.3
CVSSv3
CVE-2018-11346
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
Asustor As6202t Firmware
NA
CVE-2012-1565
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.
Ez Ez Publish 4.6.0
Ez Ez Publish 4.2.0
Ez Ez Publish 4.3.0
Ez Ez Publish 4.4.0
Ez Ez Publish 4.5.0
Ez Ez Publish 4.1.4
4.3
CVSSv3
CVE-2021-39889
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »