CWE-566
Authorization Bypass Through User-Controlled SQL Primary Key
Description
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9953 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted… | ||
| CVE-2014-0808 | Cri | 0.59 | 9.1 | 0.02 | Jan 22, 2014 | Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a… | ||
| CVE-2025-56556 | — | 0.00 | — | 0.00 | Sep 11, 2025 | An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool. | ||
| CVE-2024-22261 | 0.00 | — | 0.00 | Jun 10, 2024 | SQL-Injection in Harbor allows priviledge users to leak the task IDs |
- risk 0.64cvss 9.8epss 0.00
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted…
- risk 0.59cvss 9.1epss 0.02
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a…
- CVE-2025-56556Sep 11, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.
- CVE-2024-22261Jun 10, 2024risk 0.00cvss —epss 0.00
SQL-Injection in Harbor allows priviledge users to leak the task IDs