Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-26237 MEDIUM

WatchGuard EPDR <8.0.21.0002 - Privilege Escalation

CVE-2023-2544 MEDIUM

UPV PEIX - Authenticated Authorization Bypass via pdf_curri_new.php ID Parameter

CVE-2023-32669 MEDIUM

BuddyBoss 2.2.9 - Insecure Direct Object Reference in User Albums

CVE-2023-4101 HIGH

QSige SSO - Missing Access Control on Resource Requests

CVE-2023-4099 HIGH

QSige Monitor - Authenticated Authorization Bypass Through User-Controlled Key

CVE-2023-38872 LOW

gugoan Economizzer <0.9-beta1 - IDOR

CVE-2023-4934 HIGH

Usta AYBS < 1.0.3 - Authentication Bypass via User-Controlled Key

CVE-2023-44206 CRITICAL

Acronis Cyber Protect 15 < build 35979 - Sensitive Information Disclosure and Manipulation

CVE-2023-44205 MEDIUM

Acronis Cyber Protect 15 < 35979 - Sensitive Information Disclosure via Improper Authorization

CVE-2023-44154 HIGH

Acronis Cyber Protect <35979 - Info Disclosure

CVE-2023-42334 MEDIUM

fl3xx Crew and Dispatch 2.10.37 - Authorization Bypass via User Parameter

CVE-2023-4213 HIGH

Simplr Registration Form Plus+ <2.4.5 - Info Disclosure

CVE-2023-41368 LOW

S4 HANA Manage checkbook apps <108 - SSRF

CVE-2023-4587 HIGH

ZKTeco ZEM800 <6.60 - Info Disclosure

CVE-2023-2173 MEDIUM

BadgeOS plugin <3.7.1.6 - Info Disclosure

CVE-2023-2172 MEDIUM

BadgeOS <= 3.7.1.6 - Authenticated Insecure Direct Object Reference in AJAX Step Handlers

CVE-2023-0689 MEDIUM

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated Information Disclosure via mf_first_name Shortcode

CVE-2023-38201 MEDIUM

Keylime < 7.5.0 - Authorization Bypass via Challenge-Response Protocol

CVE-2023-32078 HIGH

Netmaker < 0.17.1 and 0.18.0-0.18.5 - Insecure Direct Object Reference in User Update Function

CVE-2023-27576 MEDIUM

phpList <3.6.14 - Super Admin Account Takeover via IDOR

CVE-2023-28481 HIGH

Tigergraph Enterprise 3.7.0 - Info Disclosure

CVE-2023-37543 HIGH

Cacti < 1.2.6 - Insecure Direct Object Reference via local_graph_id Parameter

CVE-2023-2958 CRITICAL

Origin Software ATS Pro < 20230714 - Authentication Bypass via User-Controlled Key

CVE-2023-3700 MEDIUM

easyappointments < 1.5.0 - Authorization Bypass Through User-Controlled Key

CVE-2023-2190 MEDIUM

GitLab CE/EE <15.11.10-16.0.6-16.1.1 - Info Disclosure

Previous Page 56 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy