Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2020-11658 CRITICAL

CA API Developer Portal < 4.3.1 - Authorization Bypass via Shared Secret Key

CVE-2020-9384 HIGH

Subex ROC Partner Settlement 10.5 - Authenticated Account Takeover via Change Password IDOR

CVE-2020-11589 HIGH

CIPPlanner CIPAce < 9.1 - Unauthenticated Insecure Direct Object Reference

CVE-2020-11585 MEDIUM

Dnnsoftware Dotnetnuke - Information Disclosure

CVE-2020-7918 MEDIUM

Totemo totemomail 7.0.0 - Info Disclosure

CVE-2020-9468 MEDIUM

Piwigo Community plugin 2.9.e-beta - Authorization Bypass via Image ID Parameter

CVE-2020-5539 MEDIUM

GRANDIT 1.6-3.0 - Authentication Bypass via Session Impersonation

CVE-2020-8503 MEDIUM

Biscom SFT <5.1.1067, <6.0.1003 - IDOR

CVE-2020-5194 MEDIUM

Cerberus FTP Server 8 - Authenticated Authorization Bypass via Zip API Endpoint

CVE-2020-6859 MEDIUM

Ultimate Member < 2.1.2 - Insecure Direct Object Reference via user_id Parameter

CVE-2019-25487 CRITICAL

Sapido RB-1732 2.0.43 - Unauthenticated Remote Code Execution via formSysCmd Endpoint

CVE-2019-25235 CRITICAL

Smartwares HOME easy <1.0.9 - Auth Bypass

CVE-2019-19755 CRITICAL

ethOS <= 1.3.3 - SSH Host Key Reuse

CVE-2019-15310 CRITICAL

Linkplay - Unauthenticated Remote Code Execution via XML Parsing in Firmware Update

CVE-2019-18626 MEDIUM

Harris Ormed Self Service <2019.1.4 - Info Disclosure

CVE-2019-19946 MEDIUM

Dradis Pro 3.4.1 - Authorization Bypass via Project Content Extraction

CVE-2019-19866 HIGH

Atos Unify OpenScape UC Web Client V9 < R4.31.0 & V10 < R0.6.0 - Sensitive Info Disclosure via Conference ID Enumeration

CVE-2019-18998 HIGH

ABB Asset Suite <9.4.2.6-9.6.0 - Info Disclosure

CVE-2019-5466 MEDIUM

GitLab 11.5.0-11.11.7 - Authorization Bypass via Merge Request Endpoint

CVE-2019-15582 MEDIUM

GitLab < 12.3.2, < 12.2.6, < 12.1.12 - Authorization Bypass via Protected Environment Group Addition

CVE-2019-15581 MEDIUM

GitLab < 12.3.2, < 12.2.6, < 12.1.12 - Insecure Direct Object Reference via Merge Request Approval Rules

CVE-2019-20209 HIGH

CTHthemes CityBook, TownHub, and EasyBook - Insecure Direct Object Reference via admin-ajax.php

CVE-2019-19259 MEDIUM

GitLab 11.3.0-12.5.0 - Insecure Direct Object Reference

CVE-2019-15913 CRITICAL

Xiaomi Devices - Info Disclosure/DoS

CVE-2019-5469 MEDIUM

GitLab < 11.11.6, < 12.0.4, < 12.1.2 - Authorization Bypass via Project Archive File Upload

Previous Page 70 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy