Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability
Octopus Octopus Server
8.8
CVSSv3
CVE-2022-42175
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an malicious user to change the password and hostname of other customer servers without authorization.
Soluslabs Solusvm 4.1.2
7.5
CVSSv3
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
1byte Copy9 -
1byte Fonetracker -
1byte Ispyoo -
1byte Guestspy -
1byte Thespyapp -
1byte Secondclone -
1byte The Truth Spy -
1byte Mxspy -
1byte Exactspy -
7.5
CVSSv3
CVE-2022-26665
An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform prior to 17.1.20. This may allow an external party to access sensitive case records.
Tylertech Odyssey Portal
5.3
CVSSv3
CVE-2021-26024
The Favorites component prior to 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
Nagios Favorites
NA
CVE-2024-32166
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing malicious users to buy now an auction that is suspended (horizontal privilege escalation).
NA
CVE-2024-27630
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote malicious user to delete arbitrary files via crafted input to the trackers_data_delete_file function.
1 Github repository
4.3
CVSSv3
CVE-2020-27663
In GLPI prior to 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an malicious user to read data from any itemType (e.g., Ticket, Users, etc.).
Glpi-project Glpi
6.5
CVSSv3
CVE-2023-47022
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
Ncr Terminal Handler 1.5.1
5.4
CVSSv3
CVE-2020-7918
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.
Totemo Totemomail 7.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »