Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-6668
The Job Manager plugin prior to 0.7.25 allows remote malicious users to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
Wp-jobmanager Job Manager
1 Github repository
7.5
CVSSv3
CVE-2021-42641
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated malicious user to disclose the username and email address of all users.
Printerlogic Web Stack
Printerlogic Web Stack 19.1.1.13
7.5
CVSSv3
CVE-2019-7854
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unauthorized disclosure of company credit history details.
Magento Magento
8.8
CVSSv3
CVE-2017-16630
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
Sapphireims Sapphireims 4097 1
5.3
CVSSv3
CVE-2022-25336
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x prior to 7.5.26 and 1.3.x prior to 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
Ibexa Ez Platform Kernel
4.3
CVSSv3
CVE-2018-19582
GitLab EE, versions 11.4 prior to 11.4.8 and 11.5 prior to 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.
Gitlab Gitlab
7.5
CVSSv3
CVE-2021-42642
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated malicious user to disclose the plaintext console username and password for a printer.
Printerlogic Web Stack
Printerlogic Web Stack 19.1.1.13
5.3
CVSSv3
CVE-2022-27247
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an malicious user to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.
Cdsoft Winhotel.mx 2021
4.3
CVSSv3
CVE-2018-15833
In Vanilla prior to 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Vanillaforums Vanilla Forums
5.3
CVSSv3
CVE-2020-16194
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
Store-opart Quote
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »