CWE-639
High likelihoodAuthorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,575 vulnerabilities with CWE-639
CVE-2024-23747
HIGH
Modernasistemas Modernanet Hospital Management System 2024 - IDOR
CVSS 7.5
CVE-2024-0580
MEDIUM
IDMSistemas - Info Disclosure
CVSS 6.5
CVE-2024-22206
CRITICAL
Clerk <4.29.2 - Privilege Escalation
CVSS 9.0
CVE-2024-0264
HIGH
Oretnom23 Clinic Queuing System - IDOR
CVSS 7.3
CVE-2023-36331
HIGH
xmall v1.1 - Info Disclosure
CVSS 8.2
CVE-2023-53955
CRITICAL
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Auth Bypass
CVSS 9.8
CVE-2023-53930
HIGH
ProjectSend r1605 - Info Disclosure
CVSS 7.5
CVE-2023-53914
CRITICAL
UliCMS 2023.1 - Auth Bypass
CVSS 9.8
CVE-2023-47543
MEDIUM
Fortinet Fortiportal < 7.0.4 - IDOR
CVSS 5.4
CVE-2023-32189
MEDIUM
Product <Version - Local Privilege Escalation
CVSS 5.9
CVE-2023-7286
MEDIUM
ACF Quick Edit Fields <3.2.2 - Info Disclosure
CVSS 6.5
CVE-2023-44254
MEDIUM
Fortinet Fortianalyzer < 7.2.5 - IDOR
CVSS 5.0
CVE-2023-7049
MEDIUM
Custom Field For WP Job Manager <1.3 - Insecure Direct Object Refer...
CVSS 4.3
CVE-2023-3290
MEDIUM
Easyappointments < 1.5.0 - IDOR
CVSS 5.0
CVE-2023-3289
HIGH
Easyappointments < 1.5.0 - IDOR
CVSS 7.7
CVE-2023-3288
HIGH
Easyappointments < 1.5.0 - IDOR
CVSS 8.5
CVE-2023-3287
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.9
CVE-2023-3286
HIGH
Easyappointments < 1.5.0 - IDOR
CVSS 7.7
CVE-2023-38055
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.6
CVE-2023-38054
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.9
CVE-2023-38053
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.9
CVE-2023-38052
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.9
CVE-2023-38051
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.9
CVE-2023-38050
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.1
CVE-2023-38049
CRITICAL
Easyappointments < 1.5.0 - IDOR
CVSS 9.9
Details
Vulnerabilities
1,575
Exploit Likelihood
High