Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-49112 MEDIUM

Kiuwan SAST < master.1808.p685.q13371 - Authenticated Information Disclosure via Application Info Endpoint

CVE-2023-40720 HIGH

FortiVoiceEnterprise <7.0.1, <=6.4.8 - Auth Bypass

CVE-2023-6897 MEDIUM

EAN for WooCommerce <= 4.9.2 - Authenticated Insecure Direct Object Reference via alg_wc_ean_product_meta Shortcode

CVE-2023-45808 MEDIUM

iTop < 2.7.10 - Authorization Bypass via Extkey Manipulation

CVE-2023-51141 MEDIUM

ZKTeko BioTime <8.5.4 - Info Disclosure

CVE-2023-6317 HIGH

secondscreen.gateway <7 - Privilege Escalation

CVE-2023-6523 HIGH

ExtremePacs Extreme XDS <3914 - Auth Bypass

CVE-2023-36483 MEDIUM

MASmobile Classic <1.16.18-1.7.24 - Auth Bypass

CVE-2023-36238 MEDIUM

Bagisto 1.5.1 - Insecure Direct Object Reference via Invoice ID Parameter

CVE-2023-6969 MEDIUM

User Shortcodes Plus <= 2.0.2 - Authenticated Insecure Direct Object Reference via User Meta Shortcode

CVE-2023-7198 MEDIUM

WP Dashboard Notes < 1.0.11 - Authenticated Insecure Direct Object Reference via post_id Parameter

CVE-2023-49339 MEDIUM

Ellucian Banner 9.17 - Info Disclosure

CVE-2023-6724 HIGH

Hearing Tracking System < 7.0 for iOS and < 1.0 for Android - Authentication Abuse via User-Controlled Key

CVE-2023-6515 HIGH

Mia Technology Inc. MA-MED < 1.0.7 - Authentication Abuse via User-Controlled Key

CVE-2023-47022 MEDIUM

NCR Terminal Handler <1.5.1 - Info Disclosure

CVE-2023-6983 MEDIUM

Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference via vg_display_data Shortcode

CVE-2023-7199 MEDIUM

Relevanssi < 4.22.0 and Relevanssi Premium < 2.25.0 - Unauthenticated Authorization Bypass via Crafted Request

CVE-2023-6384 MEDIUM

WP User Profile Avatar <1.0.1 - Auth Bypass

CVE-2023-7031 MEDIUM

Avaya Aura Experience Portal 8.0.0-8.1.2.0.0402 - Authenticated Insecure Direct Object Reference

CVE-2023-36235 MEDIUM

Webkul QloApps <1.6.0 - Info Disclosure

CVE-2023-6824 MEDIUM

WP Customer Area < 8.2.1 - Unauthenticated User Data Exposure via AJAX Action Capability Bypass

CVE-2023-6875 CRITICAL

Wordpress POST SMTP Account Takeover

CVE-2023-6504 MEDIUM

User Profile Builder <3.10.7 - Info Disclosure

CVE-2023-6506 MEDIUM

WP 2FA - Insecure Direct Object Reference

CVE-2023-6223 MEDIUM

LearnPress <4.2.5.7 - Info Disclosure

Previous Page 53 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy