Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,811 vulnerabilities with CWE-639

CVE-2024-2543 MEDIUM

Permalink Manager Lite <= 2.4.3.1 - Unauthenticated Data Access via Missing Capability Check

CVE-2024-2261 MEDIUM

Event Tickets and Registration <= 5.8.2 - Authenticated Sensitive Information Exposure via RSVP Functionality

CVE-2024-1289 MEDIUM

LearnPress - WordPress LMS Plugin <4.2.6.3 - Info Disclosure

CVE-2024-0872 MEDIUM

Watu Quiz <= 3.4.1 - Authenticated Sensitive Information Exposure via watu-userinfo Shortcode

CVE-2024-27630 HIGH

GNU Savane < 3.13 - Unauthenticated Arbitrary File Deletion via trackers_data_delete_file Function

CVE-2024-31815 CRITICAL

TOTOLINK EX200 V4.0.3c.7314_B20191204 - Info Disclosure

CVE-2024-31296 MEDIUM

BookingPress <= 1.0.81 - Authorization Bypass Through User-Controlled Key

CVE-2024-31291 MEDIUM

ProfileGrid <= 5.7.6 - Authorization Bypass Through User-Controlled Key

CVE-2024-3139 MEDIUM

SourceCodester Computer Laboratory Management System 1.0 - Improper Authorization in Users.php save_users Function

CVE-2024-31095 MEDIUM

Ricard Torres Thumbs Rating <5.1.0 - Auth Bypass

CVE-2024-30543 MEDIUM

UPQODE Whizzy < 1.1.18 - Insecure Direct Object Reference

CVE-2024-30513 MEDIUM

ProfileGrid < 5.7.2 - Authorization Bypass Through User-Controlled Key

CVE-2024-30507 LOW

Molongui < 4.7.7 - Authorization Bypass Through User-Controlled Key

CVE-2024-29024 MEDIUM

fit2cloud jumpserver 3.0.0-3.10.5 - Authenticated Insecure Direct Object Reference in File Manager Bulk Transfer

CVE-2024-29020 MEDIUM

fit2cloud jumpserver 3.0.0-3.10.5 - Authenticated Information Disclosure via Playbook ID

CVE-2024-1313 MEDIUM

Grafana 9.5.0-9.5.17, 10.0.0-10.0.12, 10.1.0-10.1.8, 10.2.0-10.2.5, 10.3.0-10.3.4 - Snapshot Deletion via View Key

CVE-2024-29194 HIGH

OneUptime 7.0.1803-7.0.1814 - Authorization Bypass via Client-Side is_master_admin Key Manipulation

CVE-2024-2538 MEDIUM

Permalink Manager Lite <= 2.4.3.1 - Authenticated Arbitrary Permalink Modification via Missing Capability Check

CVE-2024-1604 MEDIUM

BMC Control-M 9.0.20-9.0.20.237 and 9.0.21-9.0.21.200 - Authenticated Authorization Bypass in Report Management Module

CVE-2024-2577 HIGH

SourceCodester Employee Task Management System 1.0 - Authorization Bypass via admin_id Parameter

CVE-2024-2576 HIGH

SourceCodester Employee Task Management System 1.0 - Authorization Bypass via admin_id Parameter

CVE-2024-2575 HIGH

SourceCodester Employee Task Management System 1.0 - Authorization Bypass via task_id Parameter

CVE-2024-2574 HIGH

SourceCodester Employee Task Management System 1.0 - Authorization Bypass via edit-task.php task_id Parameter

CVE-2024-1640 MEDIUM

Contact Form Builder Plugin <2.10.1 - Info Disclosure

CVE-2024-0839 MEDIUM

FeedWordPress <2022.0222 - Info Disclosure

Previous Page 50 of 73 Next

Details

Vulnerabilities 1,811

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy