CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,578 vulnerabilities with CWE-639
CVE-2019-15815
MEDIUM
ZyXEL P-1302-T10D <2.00(ABBX.3) - Privilege Escalation
CVSS 6.5
CVE-2019-17605
HIGH
Eyecomms Eyecms < 2019-10-15 - IDOR
CVSS 8.8
CVE-2019-17604
MEDIUM
Eyecomms Eyecms < 2019-10-15 - IDOR
CVSS 4.3
CVE-2019-8235
MEDIUM
Magento < 2.1.17 - IDOR
CVSS 6.5
CVE-2019-17574
CRITICAL
Code-atlantic Popup Maker < 1.8.13 - IDOR
CVSS 9.1
CVE-2019-17382
CRITICAL
Zabbix < 4.4 - IDOR
CVSS 9.1
CVE-2019-17050
HIGH
Thecontrolgroup Voyager < 1.2.7 - IDOR
CVSS 7.2
CVE-2019-16723
MEDIUM
Cacti <1.2.6 - Auth Bypass
CVSS 4.3
CVE-2019-16403
HIGH
Webkul Bagisto <0.1.5 - Info Disclosure
CVSS 8.8
CVE-2019-15725
HIGH
Gitlab < 12.0.8 - IDOR
CVSS 7.5
CVE-2019-14725
MEDIUM
CentOS Web Panel <0.9.8.851 - Info Disclosure
CVSS 4.3
CVE-2019-14724
HIGH
CentOS Web Panel <0.9.8.851 - Info Disclosure
CVSS 7.5
CVE-2019-14721
MEDIUM
CentOS Web Panel 0.9.8.851 - Info Disclosure
CVSS 6.5
CVE-2019-14246
MEDIUM
CentOS Web Panel <0.9.8.851 - Info Disclosure
CVSS 6.5
CVE-2019-14245
MEDIUM
CentOS Web Panel <0.9.8.851 - Info Disclosure
CVSS 6.5
CVE-2019-14932
HIGH
Humanica Humatrix 7 - IDOR
CVSS 7.5
CVE-2019-7950
HIGH
Magento <2.1.18-2.3.2 - Auth Bypass
CVSS 7.5
CVE-2019-7925
MEDIUM
Magento <2.1.18-2.3.2 - IDOR
CVSS 4.9
CVE-2019-7890
HIGH
Magento <2.1.18-2.3.2 - Info Disclosure
CVSS 7.3
CVE-2019-7872
MEDIUM
Magento <2.1.18-2.3.2 - SSRF
CVSS 6.5
CVE-2019-7864
MEDIUM
Magento <2.1.18-2.3.2 - SSRF
CVSS 5.3
CVE-2019-7854
HIGH
Magento <2.1.18-2.3.2 - Info Disclosure
CVSS 7.5
CVE-2019-13605
HIGH
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
CVSS 8.8
CVE-2019-13360
CRITICAL
Webpanel - IDOR
CVSS 9.8
CVE-2019-13337
HIGH
Weseek Growi < 3.5.0 - Incorrect Authorization
CVSS 7.5
Details
Vulnerabilities: 1,578
Exploit Likelihood: High