Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-48641 HIGH

Archer Platform 6.x <6.14 P1 HF2 - Privilege Escalation

CVE-2023-6341 MEDIUM

Catalis CMS360 - Unauthenticated Sensitive Document Access via URL Parameter Manipulation

CVE-2023-6226 MEDIUM

WP Shortcodes Plugin - Insecure Direct Object Reference

CVE-2023-49298 HIGH

OpenZFS <2.1.14, <2.2.2 - Info Disclosure

CVE-2023-33706 MEDIUM

SysAid < 23.2.15 - Unauthenticated Insecure Direct Object Reference via EmailHtmlSourceIframe.jsp or ShowMessage.jsp

CVE-2023-47316 MEDIUM

Headwind MDM Web panel 5.22.1 - Incorrect Access Control

CVE-2023-48304 MEDIUM

Nextcloud Server 22.0.0-22.2.10.15, 25.0.0-25.0.10 - Authorization Bypass via Birthday Calendar Toggle

CVE-2023-6144 CRITICAL

Dev blog v1.0 - Unauthenticated Account Takeover via User Cookie

CVE-2023-38884 HIGH

openSIS Classic 9.0 - Unauthenticated Insecure Direct Object Reference via Student Files Endpoint

CVE-2023-43900 MEDIUM

EMSigner 2.8.7 - Authorization Bypass via DocumentID and EncryptedDocumentId Parameter Manipulation

CVE-2023-46446 MEDIUM

asyncssh < 2.14.1 - Rogue Session Attack via Packet Injection

CVE-2023-5544 MEDIUM

moodle 3.9.0-3.9.23 and <4.3.0-rc2 - Stored Cross-Site Scripting and Insecure Direct Object Reference in Wiki Comments

CVE-2023-45380 HIGH

silbersaiten order_duplicator <= 1.1.7 - Unauthenticated Personal Information Disclosure

CVE-2023-41356 MEDIUM

NCSIST ManageEngine MDM - Path Traversal

CVE-2023-38965 CRITICAL

Lost and Found Information System 1.0 - Privilege Escalation

CVE-2023-4836 MEDIUM

WordPress File Sharing Plugin <2.0.5 - Info Disclosure

CVE-2023-46478 HIGH

minCal 1.0.0 - Code Execution via customer_data Parameter

CVE-2023-3998 MEDIUM

wpDiscuz <= 7.6.3 - Unauthenticated Data Modification via userRate Function

CVE-2023-3869 MEDIUM

wpDiscuz <= 7.6.3 - Unauthenticated Comment Rating Manipulation via voteOnComment Function

CVE-2023-43668 CRITICAL

Apache InLong 1.4.0-1.8.0 - Authorization Bypass via Sensitive Parameter Check Bypass

CVE-2023-45393 MEDIUM

GRANDING UTime Master v9.0.7-Build:Apr 4,2023 - Authenticated Information Disclosure via IDOR

CVE-2023-45396 MEDIUM

Elenos ETG150 Firmware 3.12 - Authorization Bypass via Insecure Direct Object Reference

CVE-2023-44981 CRITICAL

Apache ZooKeeper < 3.7.2 - Authorization Bypass via Missing SASL Instance Part

CVE-2023-44249 MEDIUM

FortiAnalyzer and FortiManager < 7.2.3 - Authorization Bypass via Crafted HTTP Requests

CVE-2023-42455 HIGH

Wazuh Dashboard 4.4.0-4.4.1 - Authorization Bypass via API Key Exposure

Previous Page 55 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy