Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-6630 MEDIUM

Contact Form 7 - Insecure Direct Object Reference

CVE-2023-48783 MEDIUM

PortiPortal <7.2.1-<6.0.14-<5.3.8 - Auth Bypass

CVE-2023-49251 HIGH

SIMATIC CN 4100 < V2.7 - Privilege Escalation

CVE-2023-51502 HIGH

WooCommerce Stripe Payment Gateway <7.6.1 - Auth Bypass

CVE-2023-50342 HIGH

HCL DRYiCE MyXalytics - Insecure Direct Object Reference

CVE-2023-45893 HIGH

Floorsight Customer Portal Q3 2023 - Info Disclosure

CVE-2023-45892 HIGH

Floorsight Insights Q3 2023 - Info Disclosure

CVE-2023-51503 MEDIUM

WooPayments < 6.9.2 - Unauthenticated Insecure Direct Object Reference

CVE-2023-50267 MEDIUM

MeterSphere < 2.10.10 - Authenticated Improper Privilege Management

CVE-2023-46646 MEDIUM

GitHub Enterprise Server <3.17.19-3.11.0 - Info Disclosure

CVE-2023-49765 MEDIUM

Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference

CVE-2023-47191 MEDIUM

KaineLabs Youzify < 1.2.2 - Insecure Direct Object Reference

CVE-2023-32799 MEDIUM

WooCommerce Shipping Multiple Addresses < 3.8.3 - Insecure Direct Object Reference

CVE-2023-32747 MEDIUM

WooCommerce Bookings < 1.15.78 - Insecure Direct Object Reference

CVE-2023-35916 HIGH

WooPayments < 5.9.0 - Insecure Direct Object Reference

CVE-2023-35914 HIGH

WooCommerce Woo Subscriptions <5.1.2 - Auth Bypass

CVE-2023-36520 MEDIUM

MarketingFire Editorial Calendar <3.7.12 - Auth Bypass

CVE-2023-35876 HIGH

WooCommerce Square <= 3.8.1 - Authorization Bypass Through User-Controlled Key

CVE-2023-46311 LOW

Comments - wpDiscuz <= 7.6.3 - Authorization Bypass Through User-Controlled Key

CVE-2023-41796 MEDIUM

Sunshine Photo Cart < 3.0.0 - Authorization Bypass Through User-Controlled Key

CVE-2023-38513 MEDIUM

Jordy Meow Photo Engine <6.2.5 - Auth Bypass

CVE-2023-37871 HIGH

WooCommerce GoCardless <= 2.5.6 - Unauthenticated Insecure Direct Object Reference

CVE-2023-6929 HIGH

EuroTel ETL3100 v01c01 and v01x37 - Authorization Bypass via Insecure Direct Object Reference

CVE-2023-49812 MEDIUM

WP Photo Album Plus <= 8.5.02.005 - Insecure Direct Object Reference

CVE-2023-46701 MEDIUM

Mattermost < 7.8.14 - Unauthenticated Information Disclosure via Playbooks Plugin Timeline Endpoint

Previous Page 54 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy