Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2019-13360 CRITICAL

Webpanel - Insecure Direct Object Reference

CVE-2019-13337 HIGH

WESEEK GROWI < 3.5.0 - Unauthenticated Authorization Bypass via access_token URL Parameter

CVE-2019-13461 HIGH

PrestaShop < 1.7.6.0 RC2 - Insecure Direct Object Reference via Checkout Address Parameters

CVE-2019-12782 HIGH

ThoughtSpot 4.4.1-5.1.1 - Authorization Bypass via Pinboard GUID Spoofing

CVE-2019-5966 MEDIUM

Joruri Mail < 2.1.4 - Session Impersonation and Information Disclosure

CVE-2019-12866 CRITICAL

JetBrains YouTrack < 2018.4.49168 - Authorization Bypass via User-Controlled Key

CVE-2019-12742 HIGH

Bludit < 3.9.1 - Unauthenticated Password Change via Insecure Direct Object Reference

CVE-2019-12252 MEDIUM

Zoho ManageEngine ServiceDesk Plus <10.5 - Info Disclosure

CVE-2019-10108 MEDIUM

GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Incorrect Access Control for Private Project Labels

CVE-2019-9756 CRITICAL

GitLab Community and Enterprise Edition <11.6.10/11.7.6 - Incorrect Access Control

CVE-2019-9219 LOW

GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Authorization Bypass Through User-Controlled Key

CVE-2019-9170 MEDIUM

GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Incorrect Access Control

CVE-2019-9921 MEDIUM

Harmis JE Messenger 1.2.2 - Info Disclosure

CVE-2019-9938 MEDIUM

SHAREit < 4.0.42 - Unauthenticated Arbitrary File Download via Network Access

CVE-2019-6716 CRITICAL

Nervepoint Access Manager 2013-2017 - Unauthenticated IDOR via runJob.html jobId

CVE-2018-25270 CRITICAL

ThinkPHP 5.0.23 Remote Code Execution via invokefunction

CVE-2018-25129 HIGH

SOCA Access Control System 180612 - Info Disclosure

CVE-2018-17455 HIGH

GitLab EE <11.1.7, <11.2.4, <11.3.1 - Info Disclosure

CVE-2018-17449 HIGH

GitLab <11.1.7-11.3.1 - Info Disclosure

CVE-2018-19584 HIGH

GitLab EE <11.3.11-11.5.1 - Info Disclosure

CVE-2018-19582 MEDIUM

GitLab EE <11.4.8-11.5.1 - Info Disclosure

CVE-2018-19575 MEDIUM

GitLab CE/EE <11.3.11-11.5.1 - Info Disclosure

CVE-2018-18976 MEDIUM

Ascensia Contour Diabetes < 2.4.30 and < 2.5.0 - Unauthenticated Insecure Direct Object Reference

CVE-2018-20405 LOW

BigTree 4.3 - Authenticated Path Disclosure via Admin News Input

CVE-2018-16971 MEDIUM

Wisetail Learning Ecosystem <4.11.6 - IDOR

Previous Page 72 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy