VYPR

CWE-425

Direct Request ('Forced Browsing')

Abstraction: Base · Status: Incomplete

Description

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
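The description above is the whole of the weakness: a restricted URL is served because nothing checks authorization at that URL, not because an attacker found a bug in the check. The example below is added here and is not part of this CWE entry or of any product listed on this page. It shows the pattern in Python in its weak form, an exclusion list compared against the raw request path while the router dispatches on a normalized path, next to a hardened form that normalizes first and denies every non-public route by default, and a coverage check that walks the route table with no session. The route table, the public set, the probe paths and the router's behaviour are all constructed for the example.

```python
"""
Added example, not part of the CWE-425 entry or of any product listed on this
page: a minimal request authorizer in its forced-browsing form and in a
hardened form, plus a check that walks every route without credentials.

The weak version guards only the one prefix somebody remembered to list and
tests it against the raw request path, while the router normalizes the path
before dispatch. Unlisted restricted URLs (/install, /api/export) and alternate
spellings of listed ones (/Admin, //admin, /public/../admin, /login/..%2fadmin)
are therefore served without a session. The hardened version normalizes first
and denies every non-public route by default. Routes, paths and the behaviour
of the "server" are constructed for the example.
"""
from posixpath import normpath
from urllib.parse import unquote

# Hypothetical route table of a small CMS; only PUBLIC routes may be served
# without a session.
ROUTES = {
    "/": "home",
    "/login": "login form",
    "/admin": "administration dashboard",
    "/admin/upload": "file upload",
    "/install": "installer",
    "/api/export": "data export",
}
PUBLIC = {"/", "/login"}


def normalize(path: str) -> str:
    """Canonicalize a request path the way the (hypothetical) router does."""
    path = path.split("?", 1)[0]      # drop the query string
    path = unquote(path)              # %2e%2e -> .., %2f -> /
    path = path.split(";", 1)[0]      # drop path parameters (/admin;x)
    path = "/" + path.lstrip("/")     # collapse leading slashes (//admin)
    path = normpath(path)             # collapse ./, ../ and trailing /
    return path.lower()               # this router matches case-insensitively


def vulnerable_authorize(path: str, authenticated: bool) -> int:
    """CWE-425 pattern: an exclusion list checked against the raw path."""
    if path.startswith("/admin") and not authenticated:
        return 401
    target = normalize(path)          # ...but dispatch uses the normalized path
    return 200 if target in ROUTES else 404


def hardened_authorize(path: str, authenticated: bool) -> int:
    """Normalize first, then deny every route that is not explicitly public."""
    target = normalize(path)
    if target not in ROUTES:
        return 404
    if target not in PUBLIC and not authenticated:
        return 401
    return 200


def unauthenticated_reachable(authorize) -> list:
    """Registered non-public routes that answer 200 with no session.

    Run this against the real route table in CI: the expected result is [].
    """
    return sorted(p for p in ROUTES
                  if p not in PUBLIC and authorize(p, False) == 200)


def probe(authorize, paths) -> dict:
    """Status code each crafted path gets without a session."""
    return {p: authorize(p, False) for p in paths}


# Constructed probes: unlisted restricted URLs and alternate spellings of /admin.
PROBES = ["/install", "/api/export", "/Admin", "//admin",
          "/public/../admin", "/login/..%2fadmin", "/admin/upload"]

if __name__ == "__main__":
    for name, fn in (("vulnerable", vulnerable_authorize),
                     ("hardened", hardened_authorize)):
        print(name, probe(fn, PROBES))
        print(name, "reachable without auth:", unauthenticated_reachable(fn))
```

Two things in the block are worth carrying into real code: the authorization decision must run on the same canonical path the router dispatches on, and the route walk in `unauthenticated_reachable` is the cheap regression test for this weakness, since it catches restricted handlers that were never added to any guard list at all.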

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-127 · CAPEC-143 · CAPEC-144 · CAPEC-668 · CAPEC-87

CVEs mapped to this weakness (77)

page 1 of 4
  • CVE-2017-17736 · Critical · Mar 23, 2018
    risk 0.69 · cvss 9.8 · epss 0.69

    Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.

  • CVE-2017-14244 · Critical · Sep 17, 2017
    risk 0.68 · cvss 9.8 · epss 0.17

    An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.

  • CVE-2022-43110 · Critical · Aug 22, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface…

  • CVE-2025-26689 · Critical · Mar 31, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.

  • CVE-2018-6624 · Critical · Feb 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.

  • CVE-2002-1798 · Critical · Dec 31, 2002
    risk 0.63 · cvss 9.1 · epss 0.05

    MidiCart PHP, PHP Plus, and PHP Maxi allow remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

  • CVE-2025-1542 · Critical · Mar 26, 2025
    risk 0.60 · cvss n/a · epss 0.00

    Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application. This issue affects OXARI ServiceDesk in versions before…

  • CVE-2026-22732 · Critical · Mar 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy (default) writing of HTTP Headers: from…

  • CVE-2017-10833 · Critical · Aug 29, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.

  • CVE-2018-3774 · Critical · Aug 12, 2018
    risk 0.58 · cvss 10.0 · epss 0.04

    Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

  • CVE-2025-15587 · High · Mar 16, 2026
    risk 0.56 · cvss n/a · epss 0.00

    Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 (for…

  • CVE-2025-48205 · High · May 21, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.

  • CVE-2025-32367 · High · Apr 11, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions.

  • CVE-2026-0650 · Critical · Jan 7, 2026
    risk 0.53 · cvss n/a · epss 0.00

    OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without…

  • CVE-2017-15235 · High · Oct 11, 2017
    risk 0.52 · cvss 7.5 · epss 0.06

    The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

  • CVE-2018-16706 · High · Sep 14, 2018
    risk 0.51 · cvss 7.5 · epss 0.22

    LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

  • CVE-2025-48207 · High · May 21, 2025
    risk 0.49 · cvss 8.6 · epss 0.00

    The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.

  • CVE-2025-48201 · High · May 21, 2025
    risk 0.49 · cvss 8.6 · epss 0.00

    The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.

  • CVE-2018-7526 · High · May 24, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.

  • CVE-2017-14993 · High · Feb 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition…