Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,827 vulnerabilities with CWE-639

CVE-2022-0731 MEDIUM

Dolibarr < 16.0 - Improper Access Control

CVE-2022-0691 CRITICAL

url-parse < 1.5.9 - Authorization Bypass Through User-Controlled Key

CVE-2022-0686 CRITICAL

url-parse < 1.5.8 - Authorization Bypass Through User-Controlled Key

CVE-2022-24979 MEDIUM

mittwald/varnishcache < 2.0.1 - Unauthenticated Insecure Direct Object Reference in ESI Content Element Renderer

CVE-2022-25336 MEDIUM

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x < 7.5.26 and 1.3.x < 1.3.12 - IDOR via Image Path and Filename

CVE-2022-0639 MEDIUM

url-parse < 1.5.7 - Authorization Bypass Through User-Controlled Key

CVE-2022-0613 MEDIUM

uri.js < 1.19.8 - Authorization Bypass Through User-Controlled Key

CVE-2022-0512 MEDIUM

url-parse < 1.5.6 - Authorization Bypass Through User-Controlled Key

CVE-2022-21713 MEDIUM

Grafana 5.0.0-7.5.14 - Authenticated Authorization Bypass via Team API Endpoints

CVE-2022-22832 CRITICAL

Servisnet Tessa 0.0.2 - Unauthenticated Authorization Bypass via User Data Endpoint

CVE-2022-22828 HIGH

Synaman < 5.0 - Unauthenticated Unshared File Access via Base64-Encoded Filename

CVE-2022-23856 MEDIUM

Saviynt EIC <5.5 SP2.x - Info Disclosure

CVE-2022-0266 MEDIUM

Packagist remdex/livehelperchat <3.92v - Auth Bypass

CVE-2021-47721 HIGH

Orangescrum 1.8.0 - Session Cookie Account Takeover

CVE-2021-3991 MEDIUM

Dolibarr < 15.0.0 and dolibarr_erp/crm < 20.0.2 - Improper Authorization via Direct URL Access

CVE-2021-27700 HIGH

SOCIFI Socifi Guest - Privilege Escalation

CVE-2021-37577 MEDIUM

Bluetooth Core Specifications 2.1-5.3 - Info Disclosure

CVE-2021-33223 HIGH

SeedDMS 6.0.15 - Privilege Escalation

CVE-2021-36400 MEDIUM

Moodle <3.9.8 and 3.11.0-beta-3.11.1 - Authorization Bypass in Calendar URL Subscription Removal

CVE-2021-36539 MEDIUM

Instructure Canvas LMS - Info Disclosure

CVE-2021-36906 LOW

ExpressTech Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference

CVE-2021-36865 LOW

ExpressTech Quiz And Survey Master <= 7.3.4 - Insecure Direct Object Reference

CVE-2021-4142 MEDIUM

Candlepin 3.1.0-3.1.28-2 - Authentication Bypass via SCA Certificate

CVE-2021-24655 HIGH

WP User Manager < 2.6.3 - Authenticated Password Reset Authorization Bypass

CVE-2021-24800 MEDIUM

DW Question & Answer Pro <1.3.4 - Info Disclosure

Previous Page 64 of 74 Next

Details

Vulnerabilities 1,827

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy