Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-42067
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability
Online Birth Certificate Management System Project Online Birth Certificate Management System 1.0
4.3
CVSSv3
CVE-2019-19259
GitLab Enterprise Edition (EE) 11.3 and later up to and including 12.5 allows an Insecure Direct Object Reference (IDOR).
Gitlab Gitlab
NA
CVE-2024-33818
Globitel KSA SpeechLog v8.1 exists to contain an Insecure Direct Object Reference (IDOR) via the userID parameter.
6.5
CVSSv3
CVE-2018-16606
In ProConf prior to 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid param...
Proconf Proconf
6.4
CVSSv3
CVE-2018-15693
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and previous versions allows authenticated users authorization bypass via insecure direct object reference.
Inova-software Inova Partner
4.3
CVSSv3
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an malicious user to view all attachments.
Nextcloud Deck 1.0.4
NA
CVE-2023-49339
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.
1 Github repository
NA
CVE-2023-36238
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an malicious user to obtain sensitive information via the invoice ID parameter.
9.8
CVSSv3
CVE-2016-10930
The wp-support-plus-responsive-ticket-system plugin prior to 7.1.0 for WordPress has insecure direct object reference via a ticket number.
Wpsupportplus Wp Support Plus Responsive Ticket System
6.5
CVSSv3
CVE-2021-3380
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows malicious users to disclose sensitive information via the Print Invoice Functionality.
Height8tech H8 Ssrms -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »