Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,827 vulnerabilities with CWE-639

CVE-2022-40205 MEDIUM

wpForo Forum <= 2.0.5 - Insecure Direct Object Reference in Post Marking

CVE-2022-39945 MEDIUM

FortiMail 6.0.0-6.0.11, 6.2, 6.4, 7.0.0-7.0.3, 7.2.0 - Authenticated IDOR for Domain Access/Modification

CVE-2022-39018 HIGH

M-Files Hubshare <3.3.11.3 - Info Disclosure

CVE-2022-31692 CRITICAL

Spring Security 5.6.0-5.6.8 and 5.7.0-5.7.4 - Authorization Bypass via Forward or Include Dispatcher Types

CVE-2022-36966 MEDIUM

SolarWinds Orion Platform < 2022.4 - Insecure Direct Object Reference via Node Management URL Parameter

CVE-2022-33077 HIGH

NopCommerce <4.50.2 - Info Disclosure

CVE-2022-41479 HIGH

DevExpress ASP.NET Web Forms Build v19.2.3 - Info Disclosure

CVE-2022-3331 LOW

GitLab EE <15.1.6-15.3.2 - Info Disclosure

CVE-2022-3282 MEDIUM

WordPress Drag and Drop Multiple File Upload <1.3.6.5 - Info Disclo...

CVE-2022-42067 MEDIUM

Online Birth Certificate Management System 1.0 - Insecure Direct Object Reference

CVE-2022-2828 MEDIUM

Octopus Server 2022.1.2121-2022.1.3135 - Insecure Direct Object Reference via API

CVE-2022-1613 MEDIUM

Restricted Site Access < 7.3.2 - IP-Based Access Control Bypass via HTTP Header Spoofing

CVE-2022-40186 CRITICAL

HashiCorp Vault < 1.9.9 and 1.11.0-1.11.3 - Authorization Bypass via Entity Alias Metadata Overwrite

CVE-2022-1580 MEDIUM

Site Offline WordPress plugin < 1.5.3 - Authorization Bypass via URL Query

CVE-2022-2913 MEDIUM

Login No Captcha reCAPTCHA < 1.7 - IP Spoofing and Captcha Bypass via Allow List

CVE-2022-2877 MEDIUM

Titan Anti-spam & Security <7.3.1 - Info Disclosure

CVE-2022-38789 CRITICAL

Airties Smart Wi-Fi <2020-08-04 - SSRF

CVE-2022-36539 HIGH

eigen&wijzer ouderapp < 1.1.22 - Authorization Bypass via ID Parameter Manipulation

CVE-2022-32277 MEDIUM

Squiz Matrix CMS 6.20 - Authenticated Privilege Escalation via Insecure Direct Object Reference

CVE-2022-36202 CRITICAL

Doctor's Appointment System 1.0 - Info Disclosure

CVE-2022-2080 MEDIUM

Sensei LMS < 4.5.2 - Authenticated Insecure Direct Object Reference in Private Message Sender Validation

CVE-2022-2034 MEDIUM

Sensei LMS < 4.5.0 - Unauthenticated Private Message Access via REST Endpoint

CVE-2022-3019 HIGH

tooljet < 1.23.0 - Improper Access Control via Forgot Password Token

CVE-2022-34775 MEDIUM

tabit < 3.27.0 - Excessive Data Exposure via Reservation Management API

CVE-2022-34770 MEDIUM

tabit < 3.27.0 - Unauthenticated Sensitive Information Disclosure via Short URL Redirect

Previous Page 61 of 74 Next

Details

Vulnerabilities 1,827

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy