CWE-425
Direct Request ('Forced Browsing')
Base · Incomplete
Description
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-143 · CAPEC-144 · CAPEC-668 · CAPEC-87
CVEs mapped to this weakness (52)
page 2 of 3

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-7500 | Med | 0.35 | 5.4 | 0.00 | | Apr 30, 2026 | When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API. |
| CVE-2004-2257 | Med | 0.35 | 5.3 | 0.01 | | Dec 31, 2004 | phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. |
| CVE-2026-29909 | Med | 0.34 | 5.3 | 0.00 | | Mar 30, 2026 | MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials. |
| CVE-2026-4900 | Med | 0.34 | 5.3 | 0.00 | | Mar 26, 2026 | A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings. |
| CVE-2026-4532 | Med | 0.34 | 5.3 | 0.00 | | Mar 22, 2026 | A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings. |
| CVE-2025-2595 | Med | 0.34 | 5.3 | 0.00 | | Apr 23, 2025 | An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. |
| CVE-2024-9945 | Med | 0.34 | 5.3 | 0.00 | | Dec 13, 2024 | An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. |
| CVE-2024-7153 | Med | 0.34 | 5.3 | 0.00 | | Jul 27, 2024 | A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-6414 | Med | 0.34 | 5.3 | 0.00 | | Jun 30, 2024 | A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-2730 | Med | 0.34 | 5.3 | 0.00 | | Apr 10, 2024 | Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available. |
| CVE-2017-2143 | Med | 0.34 | 5.3 | 0.00 | | Apr 28, 2017 | CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allow remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. |
| CVE-2017-2139 | Med | 0.34 | 5.3 | 0.00 | | Apr 28, 2017 | CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allow remote attackers to bypass access restriction to obtain customer information via orders.pre.php. |
| CVE-2005-1688 | Med | 0.34 | 5.3 | 0.01 | | May 20, 2005 | WordPress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. |
| CVE-2025-31971 | Med | 0.33 | 5.1 | 0.00 | | Aug 28, 2025 | AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information. |
| CVE-2024-58343 | Med | 0.28 | 4.3 | 0.00 | | Apr 16, 2026 | Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id. |
| CVE-2025-27581 | Med | 0.28 | 4.3 | 0.00 | | Apr 24, 2025 | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints. |
| CVE-2025-53073 | Med | 0.27 | 4.2 | 0.00 | | Jun 24, 2025 | In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted). |
| CVE-2025-48202 | Med | 0.27 | 5.3 | 0.00 | | May 21, 2025 | The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. |
| CVE-2025-15153 | Low | 0.24 | 3.7 | 0.00 | | Dec 28, 2025 | A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. Modifying the configuration settings is advised. |
| CVE-2025-14697 | Low | 0.24 | 3.7 | 0.00 | | Dec 15, 2025 | A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotely. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. |