Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,811 vulnerabilities with CWE-639

CVE-2024-4843 MEDIUM

Trellix ePolicy Orchestrator - Privilege Escalation via Insecure Direct Object Reference

CVE-2024-4279 MEDIUM

Tutor LMS - Insecure Direct Object Reference

CVE-2024-4819 MEDIUM

Campcodes Online Laundry Management System 1.0 - Improper Authorization in admin_class.php

CVE-2024-4817 MEDIUM

Campcodes Online Laundry Management System 1.0 - Info Disclosure

CVE-2024-33818 HIGH

Globitel KSA SpeechLog v8.1 - Info Disclosure

CVE-2024-1693 MEDIUM

SP Project & Document Manager - Info Disclosure

CVE-2024-4538 HIGH

Janto Ticketing Software <4.3r10 - Info Disclosure

CVE-2024-4537 HIGH

Janto Ticketing Software <4.3r10 - Info Disclosure

CVE-2024-34383 MEDIUM

SEOPress < 7.7.1 - Authorization Bypass Through User-Controlled Key

CVE-2024-2346 MEDIUM

FileBird WordPress Plugin <= 5.6.3 - Authenticated IDOR via Folder Deletion

CVE-2024-24312 HIGH

Vaales Technologies V_QRS <2024-01-17 - Info Disclosure

CVE-2024-33383 HIGH

novel-plus < 4.3.0 - Arbitrary File Read via filePath Parameter

CVE-2024-28320 HIGH

Hospital Management System 1.0 - Authorization Bypass via Patient Edit User Endpoint

CVE-2024-33542 MEDIUM

Crelly Slider <= 1.4.5 - Authorization Bypass Through User-Controlled Key

CVE-2024-4294 MEDIUM

PHPGurukul Doctor Appointment Management System 1.0 - Improper Cont...

CVE-2024-33668 CRITICAL

Zammad < 6.3.0 - Authorization Bypass via Upload Cache FormID Brute Force

CVE-2024-32823 MEDIUM

FeedbackWP Rate my Post - WP Rating System <= 3.4.4 - Insecure Direct Object Reference

CVE-2024-32808 MEDIUM

ProfileGrid < 5.7.9 - Authorization Bypass Through User-Controlled Key

CVE-2024-32772 MEDIUM

ProfileGrid < 5.7.9 - Authorization Bypass Through User-Controlled Key

CVE-2024-32166 HIGH

Webid v1.2.1 - Horizontal Privilege Escalation

CVE-2024-32683 MEDIUM

Wpmet Wp Ultimate Review <= 2.2.5 - Authorization Bypass Through User-Controlled Key

CVE-2024-32604 MEDIUM

Plechev Andrey WP-Recall <16.26.5 - Auth Bypass

CVE-2024-1626 HIGH

lunary < 1.0.0 - Authenticated Insecure Direct Object Reference in Project Update Endpoint

CVE-2024-22439 MEDIUM

HPE FlexFabric/FlexNetwork - Privilege Escalation

CVE-2024-1625 MEDIUM

Lunary 0.3.0 - Insecure Direct Object Reference in Project Deletion

Previous Page 49 of 73 Next

Details

Vulnerabilities 1,811

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy