An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request.
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of
An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the
Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, an
Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.
Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references.
Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest ad
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by al
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the Docu
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulner
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference (IDOR) vulnerability was iden
Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idU
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files i
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged aut
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example databas
An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying
IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowi
A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulati
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in
A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sens