Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,800 vulnerabilities with CWE-639

CVE-2024-8428 HIGH

ForumWP <= 2.0.2 - Authenticated Privilege Escalation via IDOR

CVE-2024-1744 HIGH

Accord ORS < 7.3.2.1 - Authorization Bypass and Sensitive Data Exposure

CVE-2024-8292 CRITICAL

WP-Recall < 16.26.9 - Unauthenticated Privilege Escalation via Order Creation

CVE-2024-8123 MEDIUM

WP Extended <3.0.8 - Insecure Direct Object Reference

CVE-2024-45232 MEDIUM

in2code powermail <7.5.0 and 11.0.0-12.3.5 - Unauthenticated Insecure Direct Object Reference via Mail Parameter

CVE-2024-40395 MEDIUM

PTC ThingWorx <9.5.0 - Info Disclosure

CVE-2024-43916 MEDIUM

Zephyr Project Manager <= 3.3.102 - Authorization Bypass Through User-Controlled Key

CVE-2024-8158 MEDIUM

9front lib9p < 2024-08-24 - Authorization Bypass via Tauth/Tattach Uname Mismatch

CVE-2024-7848 MEDIUM

Mediajedi User Private Files < 2.1.1 - IDOR

CVE-2024-43350 MEDIUM

Propovoice CRM <1.7.6.4 - Auth Bypass

CVE-2024-43322 MEDIUM

Dylan James Zephyr Project Manager <3.3.100 - Auth Bypass

CVE-2024-43315 HIGH

Stripe Payments For WooCommerce <1.9.1 - Auth Bypass

CVE-2024-43288 MEDIUM

wpForo Forum < 2.3.4 - Authorization Bypass Through User-Controlled Key

CVE-2024-43266 MEDIUM

WP Job Portal <= 2.1.8 - Insecure Direct Object Reference

CVE-2024-43239 MEDIUM

Masteriyo - LMS <1.11.4 - Auth Bypass

CVE-2024-42464 MEDIUM

upKeeper Manager <5.1.9 - Auth Bypass

CVE-2024-42463 MEDIUM

upKeeper Manager <5.1.9 - Auth Bypass

CVE-2024-27730 CRITICAL

Friendica 2023.12 - Authorization Bypass and Remote Code Execution via Calendar Event cid Parameter

CVE-2024-6534 MEDIUM

Directus v10.13.0 - Privilege Escalation

CVE-2024-21981 MEDIUM

AMD Secure Processor - Info Disclosure

CVE-2024-39642 MEDIUM

ThimPress LearnPress <4.2.6.8.2 - Auth Bypass

CVE-2024-7658 MEDIUM

projectsend <r1605 - Info Disclosure

CVE-2024-3035 MEDIUM

GitLab 8.12-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Authorization Bypass via LFS Token

CVE-2024-6357 MEDIUM

OpenText ArcSight Intelligence - Info Disclosure

CVE-2024-7438 MEDIUM

SimpleMachines SMF 2.1.4 - Improper Control of Resource Identifiers

Previous Page 46 of 72 Next

Details

Vulnerabilities 1,800

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy