CWE-425
Direct Request ('Forced Browsing')
Description
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-143 · CAPEC-144 · CAPEC-668 · CAPEC-87
CVEs mapped to this weakness (77)
page 2 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-65011 | Hig | 0.46 | — | 0.00 | Dec 18, 2025 | In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or… | ||
| CVE-2026-34028 | Med | 0.45 | — | 0.00 | Jun 15, 2026 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as… | ||
| CVE-2026-25679 | Hig | 0.42 | 7.5 | 0.01 | Mar 6, 2026 | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. | ||
| CVE-2025-26381 | — | Med | 0.42 | — | 0.00 | Dec 17, 2025 | Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. | |
| CVE-2025-52920 | Med | 0.42 | 6.4 | 0.00 | Jun 23, 2025 | Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their… | ||
| CVE-2018-0267 | Med | 0.42 | 6.5 | 0.00 | Apr 19, 2018 | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables… | ||
| CVE-2018-0140 | Med | 0.42 | 6.5 | 0.02 | Feb 8, 2018 | A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is… | ||
| CVE-2017-2486 | Med | 0.42 | 6.5 | 0.02 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | ||
| CVE-2025-59797 | Med | 0.38 | 5.8 | 0.00 | Sep 22, 2025 | Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page. | ||
| CVE-2024-6188 | Med | 0.37 | 5.3 | 0.02 | Jun 20, 2024 | A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The… | ||
| CVE-2018-0198 | Med | 0.35 | 5.3 | 0.02 | Mar 27, 2018 | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing… | ||
| CVE-2018-0105 | Med | 0.35 | 5.3 | 0.02 | Jan 18, 2018 | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing… | ||
| CVE-2017-2143 | Med | 0.35 | 5.3 | 0.01 | Apr 28, 2017 | CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | ||
| CVE-2017-2139 | Med | 0.35 | 5.3 | 0.01 | Apr 28, 2017 | CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | ||
| CVE-2005-1688 | Med | 0.35 | 5.3 | 0.02 | May 20, 2005 | Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. | ||
| CVE-2004-2257 | Med | 0.35 | 5.3 | 0.02 | Dec 31, 2004 | phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. | ||
| CVE-2026-29909 | Med | 0.34 | 5.3 | 0.00 | Mar 30, 2026 | MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without… | ||
| CVE-2026-4900 | Med | 0.34 | 5.3 | 0.00 | Mar 26, 2026 | A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to… | ||
| CVE-2026-4532 | Med | 0.34 | 5.3 | 0.00 | Mar 22, 2026 | A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories… | ||
| CVE-2025-2595 | Med | 0.34 | 5.3 | 0.00 | Apr 23, 2025 | An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. |
- risk 0.46cvss —epss 0.00
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or…
- risk 0.45cvss —epss 0.00
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as…
- risk 0.42cvss 7.5epss 0.01
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
- risk 0.42cvss —epss 0.00
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.
- risk 0.42cvss 6.4epss 0.00
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables…
- risk 0.42cvss 6.5epss 0.02
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is…
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
- risk 0.38cvss 5.8epss 0.00
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page.
- risk 0.37cvss 5.3epss 0.02
A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The…
- risk 0.35cvss 5.3epss 0.02
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing…
- risk 0.35cvss 5.3epss 0.02
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing…
- risk 0.35cvss 5.3epss 0.01
CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.
- risk 0.35cvss 5.3epss 0.01
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.
- risk 0.35cvss 5.3epss 0.02
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
- risk 0.35cvss 5.3epss 0.02
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
- risk 0.34cvss 5.3epss 0.00
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without…
- risk 0.34cvss 5.3epss 0.00
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to…
- risk 0.34cvss 5.3epss 0.00
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories…
- risk 0.34cvss 5.3epss 0.00
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.