CVE Vulnerability


CWE-639

CVE-2022-30852

February 23, 2023 by godfreyd94

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).

CVE-2022-30760

February 23, 2023 by godfreyd94

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.

CVE-2022-30495

February 23, 2023 by godfreyd94

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR – Broken Access Control, allowing attackers to change the admin password (vertical privilege escalation).

CVE-2022-3019

February 23, 2023 by godfreyd94

The forgot password token basically just makes us capable of taking over the account of whoever comments in an app that we can see (brute-forcing comment IDs might also be an option but I wouldn’t count on it, since it would take a long time to find a valid one).

CVE-2022-29627

February 23, 2023 by godfreyd94

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.

CVE-2022-29434

February 23, 2023 by godfreyd94

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE