Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,800 vulnerabilities with CWE-639

CVE-2024-10779 MEDIUM

Cowidgets - Elementor Addons <= 1.2.0 - Authenticated Information Exposure via ce_template Shortcode

CVE-2024-52313 MEDIUM

data.all 1.0.0-2.6.0 - Authenticated Authorization Bypass via getDataset Query

CVE-2024-43438 HIGH

Moodle 4.1.0-4.1.11 - Authorization Bypass in Feedback Bulk Messaging

CVE-2024-51559 MEDIUM

63moons Wave 2.0 < 1.1.7 - Authenticated Authorization Bypass via API Parameter Manipulation

CVE-2024-48217 HIGH

SiSMART v7.4.0 - Privilege Escalation

CVE-2024-37277 HIGH

Paid Memberships Pro <= 3.0.4 - Authorization Bypass via User-Controlled Key

CVE-2024-10654 MEDIUM

TOTOLINK LR350 <= 9.3.5u.6369 - Authorization Bypass via authCode Parameter

CVE-2024-51066 HIGH

Phpgurukul Beauty Parlour Management System 1.1 - Unauthorized Data Access via IDOR in appointment-detail.php

CVE-2024-9700 MEDIUM

Forminator Forms < 1.36.1 - Unauthenticated Insecure Direct Object Reference via Quiz Entry ID

CVE-2024-10452 LOW

Grafana Organization Invites - Cross-Organization Deletion

CVE-2024-7474 HIGH

lunary < 1.3.4 - Unauthenticated Insecure Direct Object Reference via ID Parameter

CVE-2024-7473 MEDIUM

Lunary Evaluations - Insecure Direct Object Reference Prompt Update

CVE-2024-50483 CRITICAL

Tareq Hasan Meetup <= 0.1 - Privilege Escalation via Authorization Bypass

CVE-2024-10439 MEDIUM

sun.net ehrd_ctms < 10.8 - Unauthenticated Insecure Direct Object Reference

CVE-2024-9637 HIGH

WPSchoolPress <= 2.2.10 - Authenticated Privilege Escalation via Email Update

CVE-2024-10121 HIGH

wfh45678 Radar <1.0.8 - Auth Bypass

CVE-2024-9263 CRITICAL

WP Timetics <1.0.25 - Privilege Escalation

CVE-2024-9862 CRITICAL

Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change

CVE-2024-9215 HIGH

WordPress PublishPress Authors <4.7.1 - Privilege Escalation

CVE-2024-8040 HIGH

3DSwym <Release 3DEXPERIENCE R2024x - Auth Bypass

CVE-2024-49388 CRITICAL

Acronis Cyber Protect <38690 - Info Disclosure

CVE-2024-9687 HIGH

WP 2FA with Telegram <= 3.0 - Authenticated Authentication Bypass via Insufficient Key Validation

CVE-2024-46528 MEDIUM

KubeSphere 3.x-3.4.1, 3.x-3.5.0, 4.x<4.1.3 - Authenticated Insecure Direct Object Reference

CVE-2024-47495 MEDIUM

Juniper Networks Junos OS Evolved - Auth Bypass

CVE-2024-7041 MEDIUM

open-webui v0.3.8 - Authorization Bypass via Memories Update API Endpoint

Previous Page 44 of 72 Next

Details

Vulnerabilities 1,800

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy