Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2024-07-18 CVE-2024-5619 Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apinizer Management Console: before 2024.05.1.
network
low complexity
CWE-639
critical
9.6
2024-06-29 CVE-2024-5942 Authorization Bypass Through User-Controlled Key vulnerability in Carlosfazenda Page and Post Clone
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key.
network
low complexity
carlosfazenda CWE-639
5.4
2024-06-27 CVE-2024-1107 Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.
network
low complexity
CWE-639
8.8
2024-06-22 CVE-2024-4874 Authorization Bypass Through User-Controlled Key vulnerability in Bricksbuilder Bricks
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key.
network
low complexity
bricksbuilder CWE-639
4.3
2024-06-21 CVE-2024-5639 Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key.
network
low complexity
cozmoslabs CWE-639
4.3
2024-06-07 CVE-2024-5438 Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key.
network
low complexity
themeum CWE-639
4.3
2024-06-05 CVE-2024-4886 Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss Platform
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
network
low complexity
buddyboss CWE-639
4.3
2024-05-14 CVE-2023-40720 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortivoice
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-639
7.1
2024-04-05 CVE-2023-6523 Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse.This issue affects Extreme XDS: before 3914.
network
low complexity
CWE-639
8.8
2024-03-12 CVE-2024-23112 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortios and Fortiproxy
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.
network
low complexity
fortinet CWE-639
4.3