Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2021-24739 | 1 Shapedplugin | 1 Logo Carousel | 2022-11-09 | 5.5 MEDIUM | 8.1 HIGH |
| The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature | |||||
| CVE-2022-39945 | 1 Fortinet | 1 Fortimail | 2022-11-03 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR). | |||||
| CVE-2021-3813 | 1 Chatwoot | 1 Chatwoot | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | |||||
| CVE-2021-32654 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing. | |||||
| CVE-2021-22906 | 1 Nextcloud | 1 End-to-end Encryption | 2022-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | |||||
| CVE-2021-24318 | 1 Purethemes | 1 Listeo | 2022-10-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector. | |||||
| CVE-2021-36032 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2022-10-24 | 6.5 MEDIUM | 8.8 HIGH |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. | |||||
| CVE-2021-21255 | 1 Glpi-project | 1 Glpi | 2022-10-14 | 3.5 LOW | 5.7 MEDIUM |
| GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. | |||||
| CVE-2022-1580 | 1 Freehtmldesigns | 1 Site Offline | 2022-09-21 | N/A | 4.3 MEDIUM |
| The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. | |||||
| CVE-2022-38789 | 1 Airties | 6 Air 4920, Air 4920 Firmware, Air 4921 and 3 more | 2022-09-20 | N/A | 9.1 CRITICAL |
| An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference. | |||||
| CVE-2022-2877 | 1 Cm-wp | 1 Titan Anti-spam \& Security | 2022-09-20 | N/A | 5.3 MEDIUM |
| The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. | |||||
| CVE-2022-36539 | 1 Eigen\&wijzer Ouderapp Project | 1 Eigen\&wijzer Ouderapp | 2022-09-12 | N/A | 7.5 HIGH |
| WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. | |||||
| CVE-2022-26665 | 1 Tylertech | 1 Odyssey Portal | 2022-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records. | |||||
| CVE-2022-3019 | 1 Tooljet | 1 Tooljet | 2022-09-01 | N/A | 8.8 HIGH |
| The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | |||||
| CVE-2022-2080 | 1 Automattic | 1 Sensei Lms | 2022-09-01 | N/A | 4.3 MEDIUM |
| The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student | |||||
| CVE-2022-2198 | 1 2code | 1 Wpqa Builder | 2022-08-25 | N/A | 4.3 MEDIUM |
| The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced. | |||||
| CVE-2022-34621 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 6.5 MEDIUM |
| Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. | |||||
| CVE-2022-2535 | 1 Searchwp | 1 Searchwp Live Ajax Search | 2022-08-16 | N/A | 5.3 MEDIUM |
| The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink | |||||
| CVE-2021-41120 | 1 Sylius | 1 Paypal | 2022-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Credit card form has prefilled "credit card holder" field with the Customer's first and last name and hence this can lead to personally identifiable information exposure. Additionally, the mentioned form did not require authentication. The problem has been patched in Sylius/PayPalPlugin 1.2.4 and 1.3.1. If users are unable to update they can override a sylius_paypal_plugin_pay_with_paypal_form route and change its URL parameters to (for example) {orderToken}/{paymentId}, then override the Sylius\PayPalPlugin\Controller\PayWithPayPalFormAction service, to operate on the payment taken from the repository by these 2 values. It would also require usage of custom repository method. Additionally, one could override the @SyliusPayPalPlugin/payWithPaypal.html.twig template, to add contingencies: ['SCA_ALWAYS'] line in hostedFields.submit(...) function call (line 421). It would then have to be handled in the function callback. | |||||