CWE-639: Authorization Bypass Through User-Controlled Key (IDOR)
1,572 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-639 (page 11 of 32)
- CVE-2023-44981 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-10-11
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in …
- CVE-2023-45380 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-07
In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, …
- CVE-2023-45393 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-10-13
An insecure direct object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.
- CVE-2023-45396 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-10-11
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.
- CVE-2023-45808 | MEDIUM | CVSS 4.1 | EG 4.1 | 2024-04-15
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo o…
- CVE-2023-4587 | HIGH | CVSS 8.3 | EG 8.3 | 2023-09-04
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN ser…
- CVE-2023-45892 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-02
An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
- CVE-2023-45893 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-02
An insecure direct object reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
- CVE-2023-46311 | LOW | CVSS 2.7 | EG 2.7 | 2023-12-20
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3.
- CVE-2023-46446 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-11-14
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
- CVE-2023-46478 | HIGH | CVSS 8.8 | EG 8.8 | 2023-10-30
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.
- CVE-2023-46646 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-12-21
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository c…
- CVE-2023-46701 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-12
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing an attacker to get limited information about a post if they know the post ID.
- CVE-2023-47022 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-02-06
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
- CVE-2023-47191 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-21
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile,…
- CVE-2023-47316 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-11-22
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API cal…
- CVE-2023-47543 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-11-12
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests.
- CVE-2023-48304 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-11-21
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2…
- CVE-2023-4836 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-31
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute-forced.
- CVE-2023-48641 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-12
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating a…
- CVE-2023-48783 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-01-10
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user wi…
- CVE-2023-48865 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-11
An issue discovered in Reportico through 8.1.0 allows attackers to obtain sensitive information via the execute_mode parameter of the URL.
- CVE-2023-49112 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-06-20
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other auth…
- CVE-2023-49251 | HIGH | CVSS 8.8 | EG 8.8 | 2024-01-09
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an atta…
- CVE-2023-49298 | HIGH | CVSS 7.5 | EG 7.5 | 2023-11-24
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanis…
- CVE-2023-49339 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-02-13
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.
- CVE-2023-4934 | HIGH | CVSS 8.8 | EG 8.8 | 2023-09-27
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3.
- CVE-2023-49765 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-21
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.
- CVE-2023-49812 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-12-19
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
- CVE-2023-50267 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-28
MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, authenticated attackers can update resources that do not belong to them if the resource ID is known. This issue is fixed in 2.10.10-lts. There are…
- CVE-2023-50342 | HIGH | CVSS 7.1 | EG 7.1 | 2024-01-03
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.
- CVE-2023-51141 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-11
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component.
- CVE-2023-51502 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-05
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.
- CVE-2023-51503 | MEDIUM | CVSS 5.9 | EG 5.9 | 2023-12-31
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from…
- CVE-2023-53914 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-12-17
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpo…
- CVE-2023-53930 | HIGH | CVSS 7.5 | EG 9.8 | 2025-12-17
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changi…
- CVE-2023-53955 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-12-22
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-su…
- CVE-2023-5544 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-11-09
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
- CVE-2023-6144 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-11-21
Dev blog v1.0 allows account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.
- CVE-2023-6223 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-01-11
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlle…
- CVE-2023-6226 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-11-28
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled…
- CVE-2023-6317 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.…
- CVE-2023-6341 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-11-30
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a spec…
- CVE-2023-6384 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-01-22
The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatars.
- CVE-2023-6504 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-01-11
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler funct…
- CVE-2023-6506 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-01-11
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user c…
- CVE-2023-6515 | HIGH | CVSS 8.8 | EG 8.8 | 2024-02-08
Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7.
- CVE-2023-6523 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-05
Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914.
- CVE-2023-6630 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-01-11
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missin…
- CVE-2023-6724 | HIGH | CVSS 8.8 | EG 8.8 | 2024-02-09
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before f…
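The entries above share one root cause: an authenticated handler takes a record key from the client (a URL id, a cookie, a foreign key in a POST body) and uses it without tying the lookup to the caller. The block below is an added example, written for this page and not taken from EchelonGraph, MITRE or any vendor listed here. It models that pattern with a constructed in-memory sqlite database: a vulnerable read handler beside a fixed one, a fixed write handler, and the attacker's id-walking loop that turns guessable keys (the brute-force case in the File Sharing Plugin entry) into bulk disclosure. The schema, users, invoices, session tokens and function names are all assumptions made for the example.

```python
# Added example, not code from the page, EchelonGraph, or any vendor listed above.
# Models CWE-639: an authenticated handler that resolves a client-supplied key
# without scoping the lookup to the caller. Schema, rows, tokens and names are
# constructed for this example.
import sqlite3


class NotFound(Exception):
    """A real handler would map this to HTTP 404."""


# Constructed server-side session store: token -> user id. Identity must come
# from here, never from a client-writable field such as a "user" cookie.
SESSIONS = {"tok-alice": 1, "tok-bob": 2}


def build_db():
    """In-memory sqlite holding constructed invoices for three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, "
        "amount_cents INTEGER, memo TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?, ?)",
        [(100, 1, 1999, "alice-jan"), (101, 2, 4500, "bob-jan"),
         (102, 3, 99000, "carol-jan"), (103, 1, 250, "alice-feb")],
    )
    return conn


def authenticate(session_token):
    """Resolve the caller from the server-side session; reject unknown tokens."""
    uid = SESSIONS.get(session_token)
    if uid is None:
        raise PermissionError("not authenticated")
    return uid


def get_invoice_vulnerable(conn, session_token, invoice_id):
    """CWE-639: the caller is authenticated, but invoice_id is used as-is."""
    authenticate(session_token)
    row = conn.execute(
        "SELECT id, owner_id, amount_cents, memo FROM invoices WHERE id = ?",
        (invoice_id,),
    ).fetchone()
    if row is None:
        raise NotFound(invoice_id)
    return row


def get_invoice_fixed(conn, session_token, invoice_id):
    """Scope the query by the authenticated principal. A foreign id and a
    nonexistent id both yield NotFound, so the endpoint does not confirm
    which ids exist."""
    uid = authenticate(session_token)
    row = conn.execute(
        "SELECT id, owner_id, amount_cents, memo FROM invoices "
        "WHERE id = ? AND owner_id = ?",
        (invoice_id, uid),
    ).fetchone()
    if row is None:
        raise NotFound(invoice_id)
    return row


def update_memo_fixed(conn, session_token, invoice_id, memo):
    """Writes need the same scoping (compare the iTop and MeterSphere entries):
    dropping 'AND owner_id = ?' lets any known id be modified."""
    uid = authenticate(session_token)
    cur = conn.execute(
        "UPDATE invoices SET memo = ? WHERE id = ? AND owner_id = ?",
        (memo, invoice_id, uid),
    )
    if cur.rowcount == 0:
        raise NotFound(invoice_id)
    return cur.rowcount


def enumerate_ids(handler, conn, session_token, id_range):
    """Attacker loop over a guessable id space; returns {invoice_id: owner_id}
    for every record the handler returns to this session."""
    leaked = {}
    for candidate in id_range:
        try:
            row = handler(conn, session_token, candidate)
        except NotFound:
            continue
        leaked[row[0]] = row[1]
    return leaked


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", enumerate_ids(get_invoice_vulnerable, db, "tok-bob", range(90, 110)))
    print("fixed:     ", enumerate_ids(get_invoice_fixed, db, "tok-bob", range(90, 110)))
```

Run as a script, the vulnerable handler hands bob every invoice in the range while the fixed one returns only his own. Checking `row.owner_id == uid` after an unscoped fetch also closes the hole, but putting the principal into the WHERE clause keeps the check from being forgotten on new query paths and avoids a distinguishable 403-versus-404 response. Random or non-sequential ids only slow the enumeration loop down; they are defense in depth, not an authorization check.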
Map vulnerabilities like CWE-639 to your infrastructure
EchelonGraph correlates every CVE — across CWE-639 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.