Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2021-21324 MEDIUM

GLPI < 9.5.4 - Authenticated Insecure Direct Object Reference via Knowbase Search Form

CVE-2021-21255 MEDIUM

GLPI 9.5.3 - Missing Authorization via Entity Switch IDOR

CVE-2021-21022 MEDIUM

Magento < 2.3.6 - Insecure Direct Object Reference in Product Module

CVE-2021-26024 MEDIUM

Nagios XI Favorites < 1.0.2 - Insecure Direct Object Reference

CVE-2021-21013 HIGH

Magento <2.4.1-2.3.6 - Info Disclosure

CVE-2021-21012 MEDIUM

Magento <2.4.1-2.3.6 - Info Disclosure

CVE-2020-37094 CRITICAL

EspoCRM 5.8.5 - Authentication Bypass via Authorization Header Manipulation

CVE-2020-37008 HIGH

EasyPMS 1.0.0 - Unauthenticated Authorization Bypass via SQL Query Manipulation

CVE-2020-36923 CRITICAL

Sony BRAVIA Digital Signage <1.7.8 - Path Traversal

CVE-2020-36895 HIGH

EIBIZ i-Media Server Digital Signage 3.8.0 - Info Disclosure

CVE-2020-10130 HIGH

SearchBlox < 9.1 - Unauthenticated Business Logic Bypass for Super Admin Creation

CVE-2020-6641 MEDIUM

FortiPresence < 20.1 - Authorization Bypass via Portal Manager or Portal Users Parameters

CVE-2020-26679 MEDIUM

vFairs 3.3 - Unauthenticated Profile Modification and Arbitrary File Upload via User ID

CVE-2020-36126 HIGH

PAXSTORE < 7.0.8_20200511171508 - Authenticated Privilege Escalation via Marketplace Endpoint Access Control Bypass

CVE-2020-23722 HIGH

FUEL CMS <1.4.7 - Privilege Escalation

CVE-2020-8297 MEDIUM

Nextcloud Deck <1.0.2 - Info Disclosure

CVE-2020-13462 MEDIUM

Tufin SecureChange <R20-2 GA - IDOR

CVE-2020-16194 MEDIUM

Opart Devis < 4.0.2 - Unauthenticated Insecure Direct Object Reference via Delivery and Invoice Address Fields

CVE-2020-36231 MEDIUM

Atlassian Jira < 8.5.10 and 8.6.0-8.13.2 - Unauthenticated Board Metadata Exposure via IDOR

CVE-2020-23449 HIGH

newbee-mall - Unauthenticated Authorization Bypass via NewBeeMallIndexConfigServiceImpl

CVE-2020-29446 MEDIUM

Atlassian Fisheye & Crucible <4.8.5 - Info Disclosure

CVE-2020-4918 MEDIUM

IBM Cloud Pak System 2.3.0.0-2.3.3.2 - Sensitive Information Disclosure via Insecure Direct Object Reference

CVE-2020-35849 HIGH

MantisBT < 2.24.4 - Unauthenticated Information Disclosure via bugnote_id Parameter

CVE-2020-29156 MEDIUM

WooCommerce < 4.7.0 - Unauthenticated Arbitrary Order Status Disclosure via order_id Parameter

CVE-2020-26178 MEDIUM

tangro Business Workflow < 1.18.1 - Unauthenticated Attachment Download via Known Attachment ID

Previous Page 68 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy