VYPR

CWE-566

Authorization Bypass Through User-Controlled SQL Primary Key

VariantIncomplete

Description

The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (4)

  • CVE-2025-9953CriFeb 19, 2026
    risk 0.64cvss 9.8epss 0.00

    Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted…

  • CVE-2014-0808CriJan 22, 2014
    risk 0.59cvss 9.1epss 0.02

    Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a…

  • CVE-2025-56556Sep 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.

  • CVE-2024-22261Jun 10, 2024
    risk 0.00cvss epss 0.00

    SQL-Injection in Harbor allows priviledge users to leak the task IDs