Total: 653 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34770 | 1 Tabit | 1 Tabit | 2024-09-17 | 4.6 Medium |
Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoDB IDs, which are not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix}, with suffix being a 5-character string containing numbers and lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: the URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill in a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API, which discloses medical information as well as the ID number. | ||||
CVE-2017-15204 | 1 Kanboard | 1 Kanboard | 2024-09-17 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | ||||
CVE-2022-34775 | 1 Tabit | 1 Tabit | 2024-09-17 | 6.3 Medium |
Tabit - Excessive data exposure. Another endpoint mapped by the tiny URL was one for reservation cancellation, containing the MongoDB IDs of the reservation and the organization. These can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API, which returns a lot of data regarding the reservation (OWASP: API3): name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit, etc. This information can easily be used for a phishing attack. | ||||
CVE-2020-4918 | 1 Ibm | 1 Cloud Pak System | 2024-09-17 | 4.4 Medium |
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the self-service console for the Platform System Manager. IBM X-Force ID: 191392. | ||||
CVE-2021-36865 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-09-17 | 3.8 Low |
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress allows attackers to change the content of the quiz. | ||||
CVE-2021-36906 | 1 Expresstech | 1 Quiz And Survey Master | 2024-09-17 | 2.7 Low |
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | ||||
CVE-2021-36032 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-17 | 8.3 High |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. | ||||
CVE-2017-15197 | 1 Kanboard | 1 Kanboard | 2024-09-17 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | ||||
CVE-2021-29773 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-17 | 5.4 Medium |
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object reference (IDOR) vulnerability. IBM X-Force ID: 202865. | ||||
CVE-2022-33944 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2024-09-17 | 6.5 Medium |
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on an endpoint and the POST parameter “Device ID,” which accepts arbitrary device IDs. | ||||
CVE-2021-37215 | 1 Larvata | 1 Flygo | 2024-09-17 | 4.3 Medium |
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, a remote attacker can manipulate the user data and then overwrite another employee’s user data by specifying that employee’s ID in the API parameter. | ||||
CVE-2021-21013 | 1 Adobe | 1 Magento | 2024-09-17 | 8.1 High |
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) vulnerability in the customer API module. Successful exploitation could lead to sensitive information disclosure and updating of arbitrary information on another user's account. | ||||
CVE-2020-29446 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-17 | 5.3 Medium |
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5. | ||||
CVE-2017-15206 | 1 Kanboard | 1 Kanboard | 2024-09-17 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | ||||
CVE-2021-37212 | 1 Larvata | 1 Flygo | 2024-09-17 | 5.4 Medium |
The bulletin function of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific URL parameters and access and modify particular bulletin content. | ||||
CVE-2022-23061 | 1 Shopizer | 1 Shopizer | 2024-09-17 | 6.5 Medium |
In Shopizer versions 2.0 to 2.17.0, a regular admin can permanently delete a superadmin (although this should not be possible according to the documentation) via an Insecure Direct Object Reference (IDOR) vulnerability. | ||||
CVE-2021-37213 | 1 Larvata | 1 Flygo | 2024-09-17 | 4.3 Medium |
The check-in record page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access a particular employee’s check-in record. | ||||
CVE-2022-40206 | 1 Gvectors | 1 Wpforo Forum | 2024-09-17 | 6.3 Medium |
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. | ||||
CVE-2021-37214 | 1 Larvata | 1 Flygo | 2024-09-17 | 8.8 High |
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrarily access employees' data, modify it, and then obtain administrator privileges and execute arbitrary commands. | ||||
CVE-2022-40205 | 1 Gvectors | 1 Wpforo Forum | 2024-09-16 | 5.4 Medium |
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. |
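Every entry in this list is the same defect seen from a different product: an endpoint looks an object up by the identifier the client supplies and never asks whether the caller is allowed to see or change that object. The two Tabit entries (CVE-2022-34770 and CVE-2022-34775) add a second ingredient, an unthrottled short-link resolver whose 5-character suffix makes valid object IDs cheap to find. The Python below is an added example written for this page, not code from the CVE listing, from Tabit, or from any project in the table: it models a health-statement lookup with and without an object-level authorization check, and puts a fixed-window rate limiter in front of a short-link resolver. All record contents, the 24-hex IDs, the short-link suffix, the `Principal`/`HealthStatement` types and the rule "owner or staff of the issuing organization" are constructed assumptions for the demonstration.

```python
# Added example: a minimal model of the BOLA (OWASP API1) + missing rate limiting
# (OWASP API4) chain described in the Tabit entries, beside the checks that close it.
# Not code from the CVE listing, from Tabit, or from any project in the table;
# every identifier, id and record here is constructed for the demonstration.
import string
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ALPHABET = string.ascii_letters + string.digits   # 62 symbols, like the tbit.be suffix


def tiny_url_keyspace(length: int = 5, alphabet: str = ALPHABET) -> int:
    """Size of the short-link suffix space: 62 ** 5 possible values."""
    return len(alphabet) ** length


@dataclass(frozen=True)
class Principal:
    user_id: str
    org_id: Optional[str] = None     # set for restaurant staff, None for a diner


@dataclass(frozen=True)
class HealthStatement:
    org_id: str
    owner_user_id: str
    id_number: str
    medical_notes: str


# Constructed store, keyed by opaque 24-hex ids in the MongoDB ObjectId style.
STATEMENTS: Dict[str, HealthStatement] = {
    "64a1f0c2e9b3d4f5a6b7c8d9": HealthStatement("org-a", "alice", "000000001", "no allergies"),
    "64a1f0c2e9b3d4f5a6b7c8da": HealthStatement("org-b", "bob", "000000002", "nut allergy"),
}

# Constructed short links; the redirect target exposes the object ids, as in the advisory.
SHORT_LINKS: Dict[str, str] = {
    "Ab3xQ": "/online-reservations/health-statement?orgId=org-a"
             "&healthStatementId=64a1f0c2e9b3d4f5a6b7c8d9",
}


def get_statement_vulnerable(statement_id: str) -> Optional[dict]:
    """Looks up by id only; whoever holds (or guesses) the id gets the record (API1)."""
    s = STATEMENTS.get(statement_id)
    return None if s is None else vars(s)


class NotFound(Exception):
    """Single failure type for both 'missing' and 'not yours'."""


def get_statement_hardened(statement_id: str, who: Principal) -> dict:
    """Object-level authorization: only the owner or staff of the issuing organization.
    Unauthorized and non-existent ids fail identically so the endpoint is not an id oracle."""
    s = STATEMENTS.get(statement_id)
    if s is None:
        raise NotFound(statement_id)
    if who.user_id != s.owner_user_id and who.org_id != s.org_id:
        raise NotFound(statement_id)
    return vars(s)


class FixedWindowLimiter:
    """Per-client fixed-window counter: at most `limit` requests per `window_s` seconds (API4)."""

    def __init__(self, limit: int, window_s: float, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self._windows: Dict[str, Tuple[float, int]] = {}

    def allow(self, client_key: str) -> bool:
        now = self.clock()
        start, count = self._windows.get(client_key, (now, 0))
        if now - start >= self.window_s:          # window expired: start a fresh one
            start, count = now, 0
        count += 1
        self._windows[client_key] = (start, count)
        return count <= self.limit


def resolve_short_link(suffix: str, client_key: str,
                       limiter: FixedWindowLimiter) -> Tuple[int, Optional[str]]:
    """Short-link resolver with the limiter in front: 429 once the client's budget is
    spent, so brute-forcing the 5-character suffix is throttled instead of free."""
    if not limiter.allow(client_key):
        return 429, None
    target = SHORT_LINKS.get(suffix)
    return (302, target) if target is not None else (404, None)


if __name__ == "__main__":
    print(tiny_url_keyspace())                                     # 916132832
    print(get_statement_vulnerable("64a1f0c2e9b3d4f5a6b7c8da"))    # bob's record, no caller check
    lim = FixedWindowLimiter(limit=3, window_s=60)
    print([resolve_short_link("zzzzz", "10.0.0.1", lim)[0] for _ in range(4)])  # [404, 404, 404, 429]
```

Two design points carry over to the other entries in the table. First, the authorization decision is made on the object that was fetched, not on the request: whether the identifier arrives in a URL, a POST parameter (the MiCODUS "Device ID"), or altered form data (the Kanboard entries), the check is the same comparison against the caller's identity. Second, an unauthorized id and a non-existent id return the same error, so the endpoint cannot be used to confirm which guessed IDs are real. The rate limiter is a mitigation, not a fix: it raises the cost of the short-link brute force but does nothing about IDs that leak through redirects or invitations, which is why the ownership check is the control that actually closes the finding.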