Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2017-16631
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
Sapphireims Sapphireims 4097 1
356
VMScore
CVE-2020-8297
Nextcloud Deck prior to 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.
Nextcloud Deck
NA
CVE-2022-43326
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows malicious users to arbitrarily change user and Administrator account passwords.
Telosalliance Omnia Mpx Node Firmware
NA
CVE-2022-34150
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
Micodus Mv720 Firmware -
1 Article
445
VMScore
CVE-2022-22828
An insecure direct object reference for the file-download URL in Synametrics SynaMan prior to 5.0 allows a remote malicious user to access unshared files via a modified base64-encoded filename string.
Synametrics Synaman
1 Github repository
356
VMScore
CVE-2018-16608
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).
Monstra Monstra 3.0.4
490
VMScore
CVE-2022-25471
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated malicious user to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Open-emr Openemr 6.0.0
NA
CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.
Iagona Scrutisweb
356
VMScore
CVE-2021-35337
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0
NA
CVE-2023-38884
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote malicious user to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'
Os4ed Opensis 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »