CWE-639— Authorization Bypass Through User-Controlled Key (IDOR)

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due t…

A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulatio…

Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.

Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.8.

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.

Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This issue affects Propovoice CRM: from n/a through 1.7.6.4.

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928.

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.

Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190.

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow a…

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to d…

A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key m…

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of s…

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks ar…

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organiza…

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users…

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL …

Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mes…

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitiv…

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user token…

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app rout…

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attac…

Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue affects Salon booking system: from n/a through <= 10.9.

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved …

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request …

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulat…

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads t…

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation.

ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege.

The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it…

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for a…

The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnera…

Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1.

java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model.

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model.

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model.

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model.

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model.

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or datase…