CWE-566
Authorization Bypass Through User-Controlled SQL Primary Key
VariantIncomplete
Description
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9953 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2014-0808 | Cri | 0.59 | 9.1 | 0.00 | Jan 22, 2014 | Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. |