Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,827 vulnerabilities with CWE-639

CVE-2022-1996 CRITICAL

emicklei/go-restful <3.8.0 - Auth Bypass

CVE-2022-29627 MEDIUM

Online Market Place Site 1.0 - Authorization Bypass via Insecure Direct Object Reference

CVE-2022-1949 HIGH

389 Directory Server - Unauthenticated Access Control Bypass via Filter Mishandling

CVE-2022-30495 CRITICAL

Automotive Shop Management System 1.0 - Unauthenticated Vertical Privilege Escalation via IDOR in Name ID Parameter

CVE-2022-1810 MEDIUM

Publify < 9.2.9 - Authorization Bypass Through User-Controlled Key

CVE-2022-29434 MEDIUM

Spiffy Calendar <= 4.9.0 - Insecure Direct Object Reference in Event Editing

CVE-2022-29159 MEDIUM

Nextcloud Deck <1.4.8-1.6.1 - Privilege Escalation

CVE-2022-1425 MEDIUM

WPQA Builder Plugin < 5.2 - Unauthenticated Insecure Direct Object Reference via wpqa_message_view AJAX Action

CVE-2022-27247 MEDIUM

cdSoft Onlinetools-Smart Winhotel.MX 2021 - Sensitive Information Disclosure via GastKont IDOR

CVE-2022-1352 MEDIUM

GitLab 11.0-14.8.6, 14.9-14.9.4, 14.10-14.10.1 - Insecure Direct Object Reference in Issue API

CVE-2022-29008 MEDIUM

Bus Pass Management System v1.0 - Info Disclosure

CVE-2022-28986 HIGH

LMS Doctor Simple <2021072900 - IDOR

CVE-2022-23061 MEDIUM

Shopizer 2.0-2.17.0 - Insecure Direct Object Reference to Superadmin Deletion

CVE-2022-1461 MEDIUM

OpenEMR < 6.1.0.1 - Insufficient Access Control for User Registration Settings

CVE-2022-1459 HIGH

openemr/openemr <6.1.0.1 - Info Disclosure

CVE-2022-26665 HIGH

Tyler Odyssey Portal <17.1.20 - Info Disclosure

CVE-2022-29287 MEDIUM

Kentico CMS <13.0.66 - Info Disclosure

CVE-2022-22190 HIGH

Juniper Paragon Active Assurance Control Center 3.1.0 - Unauthenticated Sensitive Data Exposure

CVE-2022-27108 MEDIUM

OrangeHRM 4.10 - Insecure Direct Object Reference in Timesheet Creation

CVE-2022-1165 CRITICAL

Blackhole for Bad Bots < 3.3.2 - IP Spoofing via Custom Headers

CVE-2022-22331 HIGH

IBM SterlingPartner Engagement Manager 6.2.0 - Info Disclosure

CVE-2022-26254 MEDIUM

WoWonder 4.0.0 - Unauthenticated Group Name Modification

CVE-2022-0442 MEDIUM

UsersWP < 1.2.3.1 - Authenticated Arbitrary Avatar Overwrite via Missing Access Controls

CVE-2022-25471 HIGH

OpenEMR 6.0.0 - Authenticated Insecure Direct Object Reference via Installer Module

CVE-2022-0732 HIGH

1byte copy9 - Unauthenticated Insecure Direct Object Reference

Previous Page 63 of 74 Next

Details

Vulnerabilities 1,827

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy