CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,576 vulnerabilities with CWE-639
CVE-2022-29627
MEDIUM
Online Market Place Site - IDOR
CVSS 4.3
CVE-2022-1949
HIGH
389-ds-base - Auth Bypass
CVSS 7.5
CVE-2022-30495
CRITICAL
Automotive Shop Management System - IDOR
CVSS 9.8
CVE-2022-1810
MEDIUM
Publify < 9.2.9 - IDOR
CVSS 4.3
CVE-2022-29434
MEDIUM
Spiffyplugins Spiffy Calendar < 4.9.0 - IDOR
CVSS 6.3
CVE-2022-29159
MEDIUM
Nextcloud Deck <1.4.8-1.6.1 - Privilege Escalation
CVSS 5.0
CVE-2022-1425
MEDIUM
2code Wpqa Builder < 5.2 - IDOR
CVSS 4.3
CVE-2022-27247
MEDIUM
Cdsoft Winhotel.mx - IDOR
CVSS 5.3
CVE-2022-1352
MEDIUM
Gitlab < 14.8.6 - IDOR
CVSS 5.3
CVE-2022-29008
MEDIUM
Bus Pass Management System v1.0 - Info Disclosure
CVSS 6.5
CVE-2022-28986
HIGH
LMS Doctor Simple <2021072900 - IDOR
CVSS 7.5
CVE-2022-23061
MEDIUM
Shopizer < 2.17.0 - IDOR
CVSS 6.5
CVE-2022-1461
MEDIUM
Open-emr Openemr < 6.1.0.1 - IDOR
CVSS 6.5
CVE-2022-1459
HIGH
openemr/openemr <6.1.0.1 - Info Disclosure
CVSS 8.3
CVE-2022-26665
HIGH
Tyler Odyssey Portal <17.1.20 - Info Disclosure
CVSS 7.5
CVE-2022-29287
MEDIUM
Kentico CMS <13.0.66 - Info Disclosure
CVSS 4.9
CVE-2022-22190
HIGH
Juniper Paragon Active Assurance Control Center - Improper Access Control
CVSS 7.4
CVE-2022-27108
MEDIUM
Orangehrm - IDOR
CVSS 4.3
CVE-2022-1165
CRITICAL
Plugin-planet Blackhole For Bad Bots < 3.3.2 - IDOR
CVSS 9.1
CVE-2022-22331
HIGH
IBM Sterling Partner Engagement Manager 6.2.0 - Info Disclosure
CVSS 7.1
CVE-2022-26254
MEDIUM
Wowonder - IDOR
CVSS 5.3
CVE-2022-0442
MEDIUM
UsersWP <1.2.3.1 - Info Disclosure
CVSS 4.3
CVE-2022-25471
HIGH
Open-emr Openemr - IDOR
CVSS 8.1
CVE-2022-0732
HIGH
Multiple Mobile Services - SSRF
CVSS 7.5
CVE-2022-0731
MEDIUM
dolibarr/dolibarr <16.0 - IDOR
CVSS 6.5