CWE-425
Direct Request ('Forced Browsing')
Description
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-143 · CAPEC-144 · CAPEC-668 · CAPEC-87
CVEs mapped to this weakness (77)
page 4 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1654 | | | 0.03 | — | 0.02 | | May 18, 2005 | Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set. |
| CVE-2025-47226 | | | 0.00 | — | 0.01 | | May 2, 2025 | Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. |
| CVE-2023-45809 | | | 0.00 | — | 0.00 | | Oct 19, 2023 | Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from… |
| CVE-2023-3426 | | | 0.00 | — | 0.00 | | Aug 2, 2023 | The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations. |
| CVE-2022-29238 | | | 0.00 | — | 0.01 | | Jun 14, 2022 | Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual… |
| CVE-2022-23607 | | | 0.00 | — | 0.01 | | Feb 1, 2022 | treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore… |
| CVE-2016-1000111 | | — | 0.00 | — | 0.02 | | Mar 11, 2020 | Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI… |
| CVE-2020-8116 | | — | 0.00 | — | 0.03 | | Feb 4, 2020 | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. |
| CVE-2019-10354 | | | 0.00 | — | 0.02 | | Jul 17, 2019 | A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. |
| CVE-2018-19620 | | — | 0.00 | — | 0.01 | | Nov 28, 2018 | ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. |
| CVE-2015-2873 | | | 0.00 | — | 0.03 | | Aug 23, 2015 | Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the… |
| CVE-2005-1892 | | | 0.00 | — | 0.02 | | Jun 9, 2005 | FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. |
| CVE-2005-1698 | | | 0.00 | — | 0.01 | | May 24, 2005 | PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the… |
| CVE-2005-1697 | | | 0.00 | — | 0.01 | | May 24, 2005 | The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message. |
| CVE-2005-1685 | | | 0.00 | — | 0.02 | | May 20, 2005 | episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp. |
| CVE-2005-1668 | | | 0.00 | — | 0.02 | | May 18, 2005 | YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp. |
| CVE-2004-2144 | | | 0.00 | — | 0.03 | | Dec 31, 2004 | Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php. |