VYPR

CWE-425

Direct Request ('Forced Browsing')

Base (abstraction) · Incomplete (status)

Description

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-127 · CAPEC-143 · CAPEC-144 · CAPEC-668 · CAPEC-87

CVEs mapped to this weakness (77)

  • CVE-2005-1654 · May 18, 2005
    risk 0.03 · cvss n/a · epss 0.02

    Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.

  • CVE-2025-47226 · May 2, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

  • CVE-2023-45809 · Oct 19, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from…

  • CVE-2023-3426 · Aug 2, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.

  • CVE-2022-29238 · Jun 14, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual…

  • CVE-2022-23607 · Feb 1, 2022
    risk 0.00 · cvss n/a · epss 0.01

    treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore…

  • CVE-2016-1000111 · Mar 11, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI…

  • CVE-2020-8116 · Feb 4, 2020
    risk 0.00 · cvss n/a · epss 0.03

    Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

  • CVE-2019-10354 · Jul 17, 2019
    risk 0.00 · cvss n/a · epss 0.02

    A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

  • CVE-2018-19620 · Nov 28, 2018
    risk 0.00 · cvss n/a · epss 0.01

    ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.

  • CVE-2015-2873 · Aug 23, 2015
    risk 0.00 · cvss n/a · epss 0.03

    Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the…

  • CVE-2005-1892 · Jun 9, 2005
    risk 0.00 · cvss n/a · epss 0.02

    FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.

  • CVE-2005-1698 · May 24, 2005
    risk 0.00 · cvss n/a · epss 0.01

    PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the…

  • CVE-2005-1697 · May 24, 2005
    risk 0.00 · cvss n/a · epss 0.01

    The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.

  • CVE-2005-1685 · May 20, 2005
    risk 0.00 · cvss n/a · epss 0.02

    episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.

  • CVE-2005-1668 · May 18, 2005
    risk 0.00 · cvss n/a · epss 0.02

    YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.

  • CVE-2004-2144 · Dec 31, 2004
    risk 0.00 · cvss n/a · epss 0.03

    Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.