Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-30059 MEDIUM

MK-Auth 23.01K4.9 - Insecure Direct Object Reference

CVE-2023-36331 HIGH

xmall v1.1 - Unauthenticated Authorization Bypass via /member/orderList userId Parameter

CVE-2023-53955 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Auth Bypass

CVE-2023-53930 HIGH

ProjectSend r1605 - Info Disclosure

CVE-2023-53914 CRITICAL

UliCMS 2023.1 - Unauthenticated Authentication Bypass via Mass Assignment in UserController

CVE-2023-47543 MEDIUM

FortiPortal 7.0.0-7.0.3 - Authenticated Authorization Bypass via HTTP/HTTPS Requests

CVE-2023-32189 MEDIUM

Product <Version - Local Privilege Escalation

CVE-2023-7286 MEDIUM

ACF Quick Edit Fields <3.2.2 - Info Disclosure

CVE-2023-44254 MEDIUM

FortiAnalyzer and FortiManager < 7.2.5 - Authorization Bypass via Crafted HTTP Request

CVE-2023-7049 MEDIUM

Custom Field For WP Job Manager <1.3 - Insecure Direct Object Refer...

CVE-2023-3290 MEDIUM

easyappointments < 1.5.0 - Authorization Bypass via POST /customers

CVE-2023-3289 HIGH

easyappointments < 1.5.0 - Authorization Bypass via POST /services

CVE-2023-3288 HIGH

easyappointments < 1.5.0 - Privilege Escalation via POST /providers

CVE-2023-3287 CRITICAL

easyappointments < 1.5.0 - Privilege Escalation via POST /admins

CVE-2023-3286 HIGH

easyappointments < 1.5.0 - Unauthenticated Broken Access Control via Secretary Creation

CVE-2023-38055 CRITICAL

easyappointments < 1.5.0 - Authenticated Authorization Bypass via Service ID Manipulation

CVE-2023-38054 CRITICAL

easyappointments < 1.5.0 - Unauthenticated Broken Object Level Authorization via Customer ID Manipulation

CVE-2023-38053 CRITICAL

easyappointments < 1.5.0 - Authenticated Authorization Bypass via Settings Endpoint

CVE-2023-38052 CRITICAL

easyappointments < 1.5.0 - Authorization Bypass via Admin ID Manipulation

CVE-2023-38051 CRITICAL

easyappointments < 1.5.0 - Unauthorized Access and Data Manipulation via Secretary ID Parameter

CVE-2023-38050 CRITICAL

easyappointments < 1.5.0 - Unauthenticated Broken Object Level Authorization via Webhook ID Manipulation

CVE-2023-38049 CRITICAL

easyappointments < 1.5.0 - Authenticated Broken Object Level Authorization via Appointment ID Manipulation

CVE-2023-38048 CRITICAL

easyappointments < 1.5.0 - Unauthenticated Authorization Bypass via Provider ID Manipulation

CVE-2023-38047 HIGH

easyappointments < 1.5.0 - Unauthorized Data Access and Manipulation via Category Endpoint

CVE-2023-3285 HIGH

easyappointments < 1.5.0 - Authorization Bypass via Appointment Creation

Previous Page 52 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy