Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-2702 HIGH

Finex Media Competition Management System < 23.07 - Authentication Bypass via User-Controlled Key

CVE-2023-2844 MEDIUM

GitHub cloudexplorer-dev/cloudexplorer-lite <v1.1.0 - Auth Bypass

CVE-2023-2713 CRITICAL

Rental Module < 23.05.15 - Authentication Bypass via User-Controlled Key

CVE-2023-2276 CRITICAL

WCFM Membership < 2.10.7 - Unauthenticated Insecure Direct Object Reference

CVE-2023-2548 MEDIUM

RegistrationMagic <= 5.2.0.5 - Authenticated Insecure Direct Object Reference

CVE-2023-31182 HIGH

EasyTor - Authorization Bypass

CVE-2023-30216 MEDIUM

newbee-mall < 2022-10-27 - Authorization Bypass via updateUserInfo Function

CVE-2023-30550 MEDIUM

MeterSphere < 2.9.0 - Authorization Bypass via Project ID Manipulation

CVE-2023-28656 HIGH

NGINX Management Suite - Privilege Escalation

CVE-2023-1911 MEDIUM

Blocksy Companion <1.8.82 - Info Disclosure

CVE-2023-1125 MEDIUM

Ruby Help Desk WordPress Plugin < 1.3.4 - Authorization Bypass via Ticket Modification

CVE-2023-2260 HIGH

alf < 2.0-m4-2304 - Authorization Bypass Through User-Controlled Key

CVE-2023-1417 MEDIUM

GitLab <15.9.4-15.10.1 - Info Disclosure

CVE-2023-0967 MEDIUM

Bhima 1.27.0 - Authenticated Insecure Direct Object Reference

CVE-2023-1750 HIGH

Nexx Smart Home - Privilege Escalation

CVE-2023-1749 MEDIUM

Nexx Smart Home - Code Injection

CVE-2023-26984 HIGH

Peppermint <0.2.4 - Info Disclosure

CVE-2023-24842 MEDIUM

HGiga MailSherlock - Info Disclosure

CVE-2023-24834 MEDIUM

WisdomGarden Tronclass - Privilege Escalation

CVE-2023-24625 MEDIUM

Faveo 5.0.1 - Insecure Direct Object Reference via User ID

CVE-2023-28686 HIGH

Dino <0.2.3, 0.3.x <0.3.2, 0.4.x <0.4.2 - Info Disclosure

CVE-2023-28334 MEDIUM

Moodle 4.0.0-4.0.6 and 4.1.0-4.1.1 - Authenticated User Enumeration via Learning Plans Page

CVE-2023-1462 HIGH

Vadi Corporate Information Systems DigiKent <23.03.20 - Auth Bypass

CVE-2023-0865 HIGH

WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Authenticated Authorization Bypass via Address Management

CVE-2023-1463 MEDIUM

nilsteampassnet/teampass <3.0.0.23 - Auth Bypass

Previous Page 58 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy