Total
505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5743 | 1 Tecnick | 1 Tcexam | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | |||||
| CVE-2020-19890 | 1 Dbhcms Project | 1 Dbhcms | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. | |||||
| CVE-2020-16194 | 1 Store-opart | 1 Quote | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields. | |||||
| CVE-2020-10779 | 1 Redhat | 1 Cloudforms | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms. | |||||
| CVE-2019-9938 | 1 Ushareit | 1 Shareit | 2021-07-21 | 2.9 LOW | 5.3 MEDIUM |
| The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." | |||||
| CVE-2020-15958 | 1 1crm | 1 1crm | 2021-07-21 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL. | |||||
| CVE-2020-23722 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters. | |||||
| CVE-2020-13700 | 1 Acf To Rest Api Project | 1 Acf To Rest Api | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. | |||||
| CVE-2020-5194 | 1 Cerberusftp | 1 Ftp Server | 2021-07-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists. | |||||
| CVE-2021-21324 | 1 Glpi-project | 1 Glpi | 2021-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the ability to enumerate GLPI items names (including users logins) using the knowbase search form (requires authentication). To Reproduce: Perform a valid authentication at your GLPI instance, Browse the ticket list and select any open ticket, click on Solution form, then Search a solution form that will redirect you to the endpoint /"glpi/front/knowbaseitem.php?item_itemtype=Ticket&item_items_id=18&forcetab=Knowbase$1", and the item_itemtype=Ticket parameter present in the previous URL will point to the PHP alias of glpi_tickets table, so just replace it with "Users" to point to glpi_users table instead; in the same way, item_items_id=18 will point to the related column id, so changing it too you should be able to enumerate all the content which has an alias. Since such id(s) are obviously incremental, a malicious party could exploit the vulnerability simply by guessing-based attempts. | |||||
| CVE-2020-8297 | 1 Nextcloud | 1 Deck | 2021-03-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user. | |||||
| CVE-2020-26178 | 1 Tangro | 1 Business Workflow | 2020-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated. | |||||
| CVE-2020-13357 | 1 Gitlab | 1 Gitlab | 2020-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. | |||||
| CVE-2020-27742 | 1 Citadel | 1 Webcit | 2020-11-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | |||||
| CVE-2019-5466 | 1 Gitlab | 1 Gitlab | 2020-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. | |||||
| CVE-2020-8235 | 1 Nextcloud | 1 Deck | 2020-10-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | |||||
| CVE-2020-16240 | 1 Ge | 1 Asset Performance Management Classic | 2020-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges. | |||||
| CVE-2019-15725 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. | |||||
| CVE-2019-7854 | 1 Magento | 1 Magento | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. | |||||
| CVE-2019-7890 | 1 Magento | 1 Magento | 2020-08-24 | 7.5 HIGH | 7.3 HIGH |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | |||||