Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2018-16608 HIGH

Monstra CMS 3.0.4 - Authorization Bypass via Insecure Direct Object Reference

CVE-2018-16704 MEDIUM

Gleez CMS <1.2.0 - Info Disclosure

CVE-2018-16606 MEDIUM

ProConf < 6.1 - Unauthenticated Insecure Direct Object Reference via Paper ID Parameter

CVE-2018-15833 MEDIUM

Vanilla Forums < 2.6.1 - Insecure Direct Object Reference via Poll ID

CVE-2018-1000210 HIGH

YamlDotNet < 5.0.0 - Deserialization of Untrusted Data via Type Name in Tag

CVE-2018-10211 MEDIUM

Vaultize Enterprise File Sharing <17.05.31 - Info Disclosure

CVE-2017-20223 CRITICAL

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference

CVE-2017-20101 LOW

ProjectSend r754 - Information Disclosure via process.php Zip Download

CVE-2017-3183 HIGH

Sage XRT Treasury 3 - Authenticated Authorization Bypass via USER_CODE Manipulation

CVE-2017-0936 MEDIUM

Nextcloud Server <11.0.7, 12.0.5 - Auth Bypass

CVE-2017-0920 MEDIUM

GitLab <10.1.6, 10.2.6, 10.3.4 - Auth Bypass

CVE-2017-0922 HIGH

GitLab 9.1.0-9.5.10 - Authorization Bypass in Projects::BoardsController

CVE-2017-15211 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation

CVE-2017-15209 MEDIUM

Kanboard - Authenticated Authorization Bypass via Form Data Manipulation

CVE-2017-15208 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation

CVE-2017-15207 MEDIUM

Kanboard - Authenticated Authorization Bypass via Form Data Manipulation

CVE-2017-15206 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Internal Link Injection

CVE-2017-15204 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Automatic Action Form Manipulation

CVE-2017-15203 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation

CVE-2017-15202 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation

CVE-2017-15201 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Tag Editing

CVE-2017-15200 MEDIUM

Kanboard - Authenticated Authorization Bypass via Task Form Manipulation

CVE-2017-15199 MEDIUM

Kanboard < 1.0.47 - Authenticated Metadata Modification via Form Data Manipulation

CVE-2017-15197 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Category Addition

CVE-2017-15196 MEDIUM

Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation

Previous Page 73 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy