Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-3105 HIGH

LearnDash LMS <4.6.0 - Info Disclosure

CVE-2023-30960 MEDIUM

Foundry Job-Tracker <4.645.0 - Info Disclosure

CVE-2023-30956 MEDIUM

Foundry Comments <2.267.0 - Info Disclosure

CVE-2023-3219 MEDIUM

EventON WordPress Plugin < 2.1.2 - Unauthenticated Insecure Direct Object Reference via event_id Parameter

CVE-2023-37242 CRITICAL

Huawei EMUI and HarmonyOS - Authorization Bypass via atcmdserver Module

CVE-2023-3063 HIGH

SP Project & Document Manager <4.67 - Insecure Direct Object Reference

CVE-2023-32352 MEDIUM

iPadOS < 16.5 - Gatekeeper Bypass via Logic Issue

CVE-2023-23679 MEDIUM

Jshelpdesk < 2.7.7 - IDOR

CVE-2023-26428 MEDIUM

Open-Xchange AppSuite Backend - Information Disclosure via Snippet ID

CVE-2023-21131 HIGH

Android - Local Privilege Escalation via Parcel Mismatch Bypass in ActivityManagerService

CVE-2023-34000 HIGH

WooCommerce Stripe Payment Gateway <7.4.0 - Info Disclosure

CVE-2023-3048 CRITICAL

TMT Lockcell Firmware < 15.0 - Authentication Bypass via User-Controlled Key

CVE-2023-1889 MEDIUM

Directorist <7.5.4 - Info Disclosure

CVE-2023-0694 MEDIUM

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated Information Disclosure via 'mf' Shortcode

CVE-2023-0693 MEDIUM

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated Information Disclosure via mf_transaction_id Shortcode

CVE-2023-0692 MEDIUM

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated Information Disclosure via mf_payment_status Shortcode

CVE-2023-0691 MEDIUM

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated Information Disclosure via mf_last_name Shortcode

CVE-2023-0688 MEDIUM

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated Information Disclosure via mf_thankyou Shortcode

CVE-2023-0985 HIGH

mbconnect24 and mymbconnect24 <= 2.13.3 - Authenticated Authorization Bypass via Password Change

CVE-2023-33956 MEDIUM

Kanboard < 1.2.30 - Insecure Direct Object Reference via file_id Parameter

CVE-2023-3066 HIGH

Mobatime mobile app <1.3.20 - Auth Bypass

CVE-2023-32310 HIGH

DataEase < 1.18.7 - Authorization Bypass via Dashboard and Message Deletion API

CVE-2023-2978 MEDIUM

Pydio Cells 4.2.0 - Authorization Bypass in Change Subscription Handler

CVE-2023-2883 HIGH

CBOT Chatbot <4.0.3.4-4.0.3.7 - Auth Bypass

CVE-2023-2065 HIGH

Armoli Cargo Tracking System < 3558f28 - Authentication Bypass via User-Controlled Key

Previous Page 57 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy