VYPR

CWE-285

Improper Authorization

Class · Draft · Likelihood: High

Description

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-104 · CAPEC-127 · CAPEC-13 · CAPEC-17 · CAPEC-39 · CAPEC-402 · CAPEC-45 · CAPEC-5 · CAPEC-51 · CAPEC-59 · CAPEC-60 · CAPEC-647 · CAPEC-668 · CAPEC-76 · CAPEC-77 · CAPEC-87

CVEs mapped to this weakness (812)

page 23 of 41
  • CVE-2025-11080 · Med · Sep 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the…

  • CVE-2025-10981 · Med · Sep 26, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was…

  • CVE-2025-10980 · Med · Sep 26, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and…

  • CVE-2025-10979 · Med · Sep 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the…

  • CVE-2025-10978 · Med · Sep 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has…

  • CVE-2025-10822 · Med · Sep 23, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed…

  • CVE-2025-10821 · Med · Sep 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2025-10820 · Med · Sep 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.

  • CVE-2025-10819 · Med · Sep 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2025-10676 · Med · Sep 18, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the…

  • CVE-2025-10675 · Med · Sep 18, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-10674 · Med · Sep 18, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly…

  • CVE-2025-10422 · Med · Sep 15, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization.…

  • CVE-2025-10319 · Med · Sep 12, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The…

  • CVE-2025-10084 · Med · Sep 8, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The…

  • CVE-2025-10073 · Med · Sep 8, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and…

  • CVE-2025-9936 · Med · Sep 4, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and…

  • CVE-2025-9836 · Med · Sep 2, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made…

  • CVE-2025-9835 · Med · Sep 2, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2025-8790 · Med · Aug 10, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack…