Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2024-10925 MEDIUM

GitLab 16.2-17.7.5, 17.8-17.8.3, 17.9-17.9.0 - Guest User Security Policy YAML Exposure

CVE-2024-13832 MEDIUM

Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated Information Exposure via 'ut_elementor' Shortcode

CVE-2024-50693 CRITICAL

SunGrow iSolarCloud < 2024-10-31 - Insecure Direct Object Reference via userService API

CVE-2024-50689 CRITICAL

SunGrow iSolarCloud < 2024-10-31 - Insecure Direct Object Reference via orgService API

CVE-2024-50687 CRITICAL

SunGrow iSolarCloud < 2024-10-31 - Insecure Direct Object Reference via devService API

CVE-2024-50686 CRITICAL

SunGrow iSolarCloud < 2024-10-31 - Insecure Direct Object Reference via commonService API

CVE-2024-50685 CRITICAL

SunGrow iSolarCloud < 2024-10-31 - Insecure Direct Object Reference via powerStationService API

CVE-2024-13873 MEDIUM

WP Job Portal < 2.2.9 - Authenticated Insecure Direct Object Reference via deleteUserPhoto Function

CVE-2024-13855 MEDIUM

Prime Addons for Elementor <= 2.0.1 - Authenticated Insecure Direct Object Reference via pae_global_block Shortcode

CVE-2024-13854 MEDIUM

Education Addon for Elementor <= 1.3.1 - IDOR via naedu_elementor_template Shortcode

CVE-2024-13719 MEDIUM

PeproDev Ultimate Invoice <= 2.0.9 - Unauthenticated Insecure Direct Object Reference via Invoicing Viewer

CVE-2024-13740 MEDIUM

ProfileGrid <= 5.9.4.2 - Authenticated IDOR via pm_messenger_show_messages

CVE-2024-13692 MEDIUM

Return Refund and Exchange For WooCommerce < 4.4.5 - Unauthenticated Insecure Direct Object Reference

CVE-2024-34520 HIGH

Mavenir SCE Application Provisioning Portal - Authorization Bypass

CVE-2024-13601 MEDIUM

Majestic Support < 1.0.5 - Authenticated Insecure Direct Object Reference via Export User Erase Request

CVE-2024-13841 MEDIUM

Builder Shortcode Extras - Info Disclosure

CVE-2024-39033 HIGH

Newgensoft OmniDocs <11.0_SP1_03_006 - Info Disclosure

CVE-2024-9097 LOW

ManageEngine Endpoint Central 11.3.2428.01-11.3.2428.26 - Insecure Direct Object Reference via Chat Username Change

CVE-2024-12046 MEDIUM

Medical Addon for Elementor <1.6.2 - Info Disclosure

CVE-2024-13607 MEDIUM

JS Help Desk & Support Plugin <2.8.8 - Insecure Direct Object Refer...

CVE-2024-13429 MEDIUM

WP Job Portal - Insecure Direct Object Reference

CVE-2024-13428 MEDIUM

WP Job Portal <2.2.6 - Insecure Direct Object Reference

CVE-2024-13425 MEDIUM

WP Job Portal <2.2.6 - Insecure Direct Object Reference

CVE-2024-13372 MEDIUM

WP Job Portal <2.2.6 - Insecure Direct Object Reference

CVE-2024-12102 MEDIUM

Typer Core < 1.9.6 - Authenticated Information Exposure via Elementor-Template Shortcode

Previous Page 40 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy