Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

idor vulnerabilities and exploits

(subscribe to this query)

5.3
CVSSv3
CVE-2020-16194
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields....
Store-opart Quote
8.8
CVSSv3
CVE-2021-36874
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5)....
Stylemixthemes Ulisting
6.5
CVSSv3
CVE-2022-0731
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0....
Dolibarr Dolibarr
7.5
CVSSv3
CVE-2022-1176
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96....
Livehelperchat Live Helper Chat
5.3
CVSSv3
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04...
Apache Ofbiz
4.3
CVSSv3
CVE-2019-19259
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR)....
Gitlab Gitlab
6.5
CVSSv3
CVE-2021-3380
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality....
Height8tech H8 Ssrms -
6.5
CVSSv3
CVE-2017-15680
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data....
Craftercms Crafter Cms
5.7
CVSSv3
CVE-2020-13462
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA....
Tufin Securetrack
4.3
CVSSv3
CVE-2019-5466
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names....
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-31805dosCVE-2022-26727CVE-2022-26712CVE-2022-1529CVE-2022-20807template injectionCVE-2022-26690cross-site scripting
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook