CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,578 vulnerabilities with CWE-639
CVE-2019-13461
HIGH
Prestashop < 1.7.5.2 - IDOR
CVSS 7.5
CVE-2019-12782
HIGH
Thoughtspot < 5.1.1 - IDOR
CVSS 8.1
CVE-2019-5966
MEDIUM
Joruri Mail < 2.1.4 - IDOR
CVSS 5.4
CVE-2019-12866
CRITICAL
Jetbrains Youtrack < 2018.4.49168 - IDOR
CVSS 9.8
CVE-2019-12742
HIGH
Bludit < 3.9.1 - IDOR
CVSS 8.8
CVE-2019-12252
MEDIUM
Zoho ManageEngine ServiceDesk Plus <10.5 - Info Disclosure
CVSS 6.5
CVE-2019-10108
MEDIUM
Gitlab < 11.7.8 - IDOR
CVSS 5.4
CVE-2019-9756
CRITICAL
GitLab Community and Enterprise Edition <11.6.10/11.7.6 - Incorrect Access Control
CVSS 9.8
CVE-2019-9219
LOW
Gitlab < 11.6.10 - IDOR
CVSS 3.7
CVE-2019-9170
MEDIUM
Gitlab < 11.6.10 - IDOR
CVSS 5.3
CVE-2019-9921
MEDIUM
Harmis JE Messenger 1.2.2 - Info Disclosure
CVSS 6.5
CVE-2019-9938
MEDIUM
SHAREit <4.0.42 - Info Disclosure
CVSS 5.3
CVE-2019-6716
CRITICAL
Logonbox Nervepoint Access Manager - IDOR
CVSS 9.4
CVE-2018-25270
CRITICAL
ThinkPHP 5.0.23 Remote Code Execution via invokefunction
CVSS 9.8
CVE-2018-25129
HIGH
SOCA Access Control System 180612 - Info Disclosure
CVSS 7.5
CVE-2018-17455
HIGH
GitLab EE <11.1.7, <11.2.4, <11.3.1 - Info Disclosure
CVSS 7.5
CVE-2018-17449
HIGH
GitLab <11.1.7-11.3.1 - Info Disclosure
CVSS 7.5
CVE-2018-19584
HIGH
GitLab EE <11.3.11-11.5.1 - Info Disclosure
CVSS 7.5
CVE-2018-19582
MEDIUM
GitLab EE <11.4.8-11.5.1 - Info Disclosure
CVSS 4.3
CVE-2018-19575
MEDIUM
GitLab CE/EE <11.3.11-11.5.1 - Info Disclosure
CVSS 4.3
CVE-2018-18976
MEDIUM
Ascensia Contour Diabetes < 2.4.30 - IDOR
CVSS 5.3
CVE-2018-20405
LOW
Bigtree - IDOR
CVSS 2.7
CVE-2018-16971
MEDIUM
Wisetail Learning Ecosystem <4.11.6 - IDOR
CVSS 4.3
CVE-2018-16608
HIGH
Monstra - IDOR
CVSS 8.8
CVE-2018-16704
MEDIUM
Gleez CMS <1.2.0 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities: 1,578
Exploit Likelihood: High