VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base | Status: Incomplete | Likelihood of exploit: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
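The weakness is easiest to see next to its fix. The following is an added example, not code from VYPR or from any vendor listed on this page: a toy ticket service (constructed data, hypothetical function names) with a handler that fetches a record by the client-supplied key alone, the same handler scoped to the authenticated caller, and a small probe of the kind a tester runs to confirm the bypass by walking adjacent ids.

```python
"""CWE-639 worked example (added; not VYPR's or any listed product's code).

All records below are constructed sample data. Names such as
get_ticket_vulnerable / get_ticket_fixed / leaked_ids are hypothetical.
"""
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Ticket:
    ticket_id: int
    owner: str          # account that bought the ticket (server-side fact)
    event: str
    download_url: str


# Constructed sample store: sequential ids, two different owners.
TICKETS = {
    1001: Ticket(1001, "alice", "Concert A", "https://example.invalid/dl/1001"),
    1002: Ticket(1002, "bob",   "Concert B", "https://example.invalid/dl/1002"),
    1003: Ticket(1003, "alice", "Concert C", "https://example.invalid/dl/1003"),
}


class Forbidden(Exception):
    """Caller is not logged in."""


class NotFound(Exception):
    """No record the caller is allowed to see."""


def get_ticket_vulnerable(current_user: str, ticket_id: int) -> Ticket:
    """The CWE-639 pattern: authentication is checked, authorization is not.

    The record is looked up purely by the key the client sent, so any
    logged-in user who increments or guesses the id reads someone else's
    ticket (including its download URL).
    """
    if not current_user:
        raise Forbidden("login required")
    try:
        return TICKETS[ticket_id]
    except KeyError:
        raise NotFound(ticket_id) from None


def get_ticket_fixed(current_user: str, ticket_id: int) -> Ticket:
    """Fixed: the lookup is scoped to the session identity.

    Ownership is compared against the server-side owner field, never
    against anything in the request. A record owned by someone else gets
    the same NotFound as a missing id, so the endpoint cannot be used to
    learn which ids exist (the SQL equivalent is
    'WHERE id = ? AND owner = ?' with owner taken from the session).
    """
    if not current_user:
        raise Forbidden("login required")
    ticket = TICKETS.get(ticket_id)
    if ticket is None or ticket.owner != current_user:
        raise NotFound(ticket_id)
    return ticket


def leaked_ids(current_user: str,
               fetch: Callable[[str, int], Ticket],
               id_range: Iterable[int]) -> list[int]:
    """Tester's probe: walk a range of ids as one user and report every id
    whose record belongs to a different owner. An empty list means the
    handler enforced ownership for every id tried."""
    leaks = []
    for candidate in id_range:
        try:
            t = fetch(current_user, candidate)
        except (NotFound, Forbidden):
            continue
        if t.owner != current_user:
            leaks.append(candidate)
    return leaks


if __name__ == "__main__":
    probe = range(1000, 1010)
    print("vulnerable handler leaks:", leaked_ids("bob", get_ticket_vulnerable, probe))
    print("fixed handler leaks:     ", leaked_ids("bob", get_ticket_fixed, probe))
```

Running the block as bob reports ids 1001 and 1003 as readable through the vulnerable handler and nothing through the fixed one. The probe only needs a valid session and a predictable key, which is why the CVE entries below cover everything from ticketing software to payment plugins: the bug is in the missing ownership check, not in the key format, so unguessable ids alone do not close it.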

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 12 of 54
  • CVE-2021-27700 | High | Nov 12, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.

  • CVE-2024-3306 | High | Sep 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

  • CVE-2024-3305 | High | Sep 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

  • CVE-2024-1744 | High | Sep 6, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1.

  • CVE-2024-43315 | High | Aug 18, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout. This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.

  • CVE-2024-33818 | High | May 14, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter.

  • CVE-2024-4538 | High | May 7, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.

  • CVE-2024-4537 | High | May 7, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.

  • CVE-2024-24312 | High | May 1, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component.

  • CVE-2024-22305 | High | Jan 31, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.

  • CVE-2023-51502 | High | Jan 5, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

  • CVE-2023-35916 | High | Dec 20, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.

  • CVE-2023-35914 | High | Dec 20, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2.

  • CVE-2017-0922 | High | Mar 21, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

  • CVE-2026-54360 | High | Jun 12, 2026
    risk 0.48 | cvss not listed | epss 0.00

    A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a…

  • CVE-2026-39942 | High | Apr 9, 2026
    risk 0.48 | cvss 8.5 | epss 0.00

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite…

  • CVE-2026-32589 | High | Apr 8, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow…

  • CVE-2026-12204 | High | Jun 15, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to…

  • CVE-2026-46558 | High | Jun 10, 2026
    risk 0.47 | cvss 8.3 | epss 0.00

    Plane is an open-source project management tool. Prior to version 1.3.1, a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1.

  • CVE-2026-9851 | High | Jun 6, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the package_app_action AJAX endpoint, where the handler only…