Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,827 vulnerabilities with CWE-639

CVE-2022-2312 MEDIUM

Student Result or Employee Database WordPress <1.7.5 - CSRF

CVE-2022-2198 MEDIUM

WPQA Builder <5.7 - Info Disclosure

CVE-2022-34621 MEDIUM

Mealie 1.0.0beta3 - Insecure Direct Object Reference via user_id Parameter

CVE-2022-2824 HIGH

GitHub openemr/openemr <7.0.0.1 - Auth Bypass

CVE-2022-2535 MEDIUM

SearchWP Live Ajax Search <1.6.2 - Info Disclosure

CVE-2022-2730 MEDIUM

OpenEMR < 7.0.0.1 - Authorization Bypass Through User-Controlled Key

CVE-2022-2367 HIGH

WSM Downloader < 1.4.0 - Authorization Bypass via Link Parameter Validation

CVE-2022-36284 MEDIUM

StoreApps Affiliate For WooCommerce <=4.7.0 - Info Disclosure

CVE-2022-2499 LOW

GitLab 13.10.0-15.0.4, 15.1.0-15.1.3, 15.2.0 - Authorization Bypass via Jira Integration

CVE-2022-1600 MEDIUM

YOP Poll < 6.4.3 - IP-Based Vote Limitation Bypass via HTTP Header Spoofing

CVE-2022-34150 HIGH

MiCODUS MV720 GPS Tracker - Authenticated Insecure Direct Object Reference via Device ID Parameter

CVE-2022-33944 MEDIUM

MiCODUS MV720 GPS Tracker - Authenticated Insecure Direct Object Reference via Device ID Parameter

CVE-2022-2193 HIGH

HYPR Server <6.14.1 - Code Injection

CVE-2022-1881 MEDIUM

Octopus Server 2021.1.6959-2021.3.13021 - Insecure Direct Object Reference in Project Export

CVE-2022-30852 MEDIUM

Known < 1.3.1 - Authorization Bypass Through User-Controlled Key

CVE-2022-1245 CRITICAL

Keycloak < 18.0.0 - Missing Authorization in Token Exchange

CVE-2022-31131 MEDIUM

Nextcloud mail <1.12.2 - Info Disclosure

CVE-2022-23173 MEDIUM

Priority < 22.0 - Unauthenticated Authorization Bypass via prog step Parameter

CVE-2022-2243 MEDIUM

GitLab 14.8-14.10.4, 15.0-15.0.3, 15.1 - Authenticated Issue Enumeration in Non-Linked Sentry Projects

CVE-2022-31883 HIGH

marval_msm 14.19.0.12476 - Authorization Bypass via Insecure Direct Object Reference

CVE-2022-0624 HIGH

GitHub ionicabizau/parse-path <5.0.0 - Auth Bypass

CVE-2022-1614 HIGH

WP-EMail < 2.69.0 - IP-Based Anti-Spam Bypass via HTTP Header Spoofing

CVE-2022-31295 HIGH

Online Discussion Forum Site 1 - Info Disclosure

CVE-2022-30760 MEDIUM

ihb eG FlexNow <2.04.09.016 - Info Disclosure

CVE-2022-31027 MEDIUM

OAuthenticator < 15.0.0 - Authorization Bypass via CILogonOAuthenticator Email Domain Validation

Previous Page 62 of 74 Next

Details

Vulnerabilities 1,827

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy