Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2019-19616 MEDIUM

Microsoft Dynamics NAV <2017 - IDOR

CVE-2019-16546 MEDIUM

Jenkins Google Compute Engine Plugin <4.1.1 - Man-in-the-middle

CVE-2019-15815 MEDIUM

ZyXEL P-1302-T10D <2.00(ABBX.3) - Privilege Escalation

CVE-2019-17605 HIGH

eyecomms eyeCMS < 2019-10-15 - Authorization Bypass via Mass Assignment

CVE-2019-17604 MEDIUM

eyecomms eyeCMS < 2019-10-15 - Insecure Direct Object Reference via Candidate ID Parameter

CVE-2019-8235 MEDIUM

Magento 2.1.0-2.1.16, 2.2.0-2.2.7 - Authenticated Insecure Direct Object Reference

CVE-2019-17574 CRITICAL

Popup Maker < 1.8.13 - Unauthenticated Authorization Bypass via do_action Function

CVE-2019-17382 CRITICAL

Zabbix < 4.4 - Unauthenticated Authorization Bypass via Dashboard View Action

CVE-2019-17050 HIGH

Voyager < 1.2.7 - Authenticated Arbitrary File Read and Delete via Compass

CVE-2019-16723 MEDIUM

Cacti < 1.2.6 - Authenticated Authorization Bypass via local_graph_id Parameter

CVE-2019-16403 HIGH

Webkul Bagisto <0.1.5 - Info Disclosure

CVE-2019-15725 HIGH

GitLab 12.0-12.2.1 - Authorization Bypass via Epic Notes API

CVE-2019-14725 MEDIUM

CentOS Web Panel <0.9.8.851 - Info Disclosure

CVE-2019-14724 HIGH

CentOS Web Panel <0.9.8.851 - Info Disclosure

CVE-2019-14721 MEDIUM

CentOS Web Panel 0.9.8.851 - Info Disclosure

CVE-2019-14246 MEDIUM

CentOS Web Panel <0.9.8.851 - Info Disclosure

CVE-2019-14245 MEDIUM

CentOS Web Panel <0.9.8.851 - Info Disclosure

CVE-2019-14932 HIGH

Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 - Authorization Bypass via selApp Parameter

CVE-2019-7950 HIGH

Magento <2.1.18-2.3.2 - Auth Bypass

CVE-2019-7925 MEDIUM

Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Insecure Direct Object Reference

CVE-2019-7890 HIGH

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7872 MEDIUM

Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Insecure Direct Object Reference

CVE-2019-7864 MEDIUM

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Insecure Direct Object Reference in RSS Feeds

CVE-2019-7854 HIGH

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-13605 HIGH

CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass

Previous Page 71 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy