CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,575 vulnerabilities with CWE-639
CVE-2023-6929
HIGH
Eurotel Etl3100 Firmware - IDOR
CVSS 7.5
CVE-2023-49812
MEDIUM
Wppa WP Photo Album Plus < 8.5.02.005 - IDOR
CVSS 5.3
CVE-2023-46701
MEDIUM
Mattermost - Info Disclosure
CVSS 6.5
CVE-2023-48641
HIGH
Archer Platform 6.x <6.14 P1 HF2 - Privilege Escalation
CVSS 7.5
CVE-2023-6341
MEDIUM
CMS360 - Info Disclosure
CVSS 5.3
CVE-2023-6226
MEDIUM
WP Shortcodes Plugin - Insecure Direct Object Reference
CVSS 4.3
CVE-2023-49298
HIGH
OpenZFS <2.1.14, <2.2.2 - Info Disclosure
CVSS 7.5
CVE-2023-33706
MEDIUM
SysAid <23.2.15 - Info Disclosure
CVSS 6.5
CVE-2023-47316
MEDIUM
H-mdm Headwind Mdm - IDOR
CVSS 5.4
CVE-2023-48304
MEDIUM
Nextcloud Server < 22.2.10.16 - IDOR
CVSS 4.3
CVE-2023-6144
CRITICAL
Dev Blog v1.0 - Info Disclosure
CVSS 9.1
CVE-2023-38884
HIGH
openSIS Classic 9.0 - IDOR
CVSS 7.5
CVE-2023-43900
MEDIUM
EMSigner v2.8.7 - Info Disclosure
CVSS 6.5
CVE-2023-46446
MEDIUM
AsyncSSH <2.14.1 - RCE
CVSS 6.8
CVE-2023-5544
MEDIUM
Moodle < 3.9.24 - XSS
CVSS 6.5
CVE-2023-45380
HIGH
Silbersaiten Order Duplicator < 1.1.8 - IDOR
CVSS 8.8
CVE-2023-41356
MEDIUM
NCSIST ManageEngine MDM - Path Traversal
CVSS 6.5
CVE-2023-38965
CRITICAL
Lost and Found Information System 1.0 - Privilege Escalation
CVSS 9.8
CVE-2023-4836
MEDIUM
WordPress File Sharing Plugin <2.0.5 - Info Disclosure
CVSS 4.3
CVE-2023-46478
HIGH
minCal <1.0.0 - RCE
CVSS 8.8
CVE-2023-3998
MEDIUM
Gvectors Wpdiscuz < 7.6.3 - Missing Authorization
CVSS 5.3
CVE-2023-3869
MEDIUM
wpDiscuz <7.6.3 - Info Disclosure
CVSS 5.3
CVE-2023-43668
CRITICAL
Apache InLong <1.9.0 - Auth Bypass
CVSS 9.8
CVE-2023-45393
MEDIUM
Grandingteco Utime Master - IDOR
CVSS 6.5
CVE-2023-45396
MEDIUM
Elenos Etg150 Firmware - IDOR
CVSS 6.5
Details
Vulnerabilities: 1,575
Exploit Likelihood: High