Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2021-3852 Authorization Bypass Through User-Controlled Key vulnerability in Weseek Growi
growi is vulnerable to Authorization Bypass Through User-Controlled Key
network
low complexity
weseek CWE-639
5.0
2022-01-03 CVE-2021-45428 Authorization Bypass Through User-Controlled Key vulnerability in Telesquare Tlr-2005Ksh Firmware
TLR-2005KSH is affected by an incorrect access control vulnerability.
network
low complexity
telesquare CWE-639
7.5
2021-12-29 CVE-2021-44160 Authorization Bypass Through User-Controlled Key vulnerability in CTH Carinal Tien Hospital Health Report System
Carinal Tien Hospital Health Report System’s login page has improper authentication; a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication.
network
low complexity
cth CWE-639
7.5
2021-12-28 CVE-2021-40579 Authorization Bypass Through User-Controlled Key vulnerability in Online Enrollment Management System Project Online Enrollment Management System 1.0
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control.
4.0
2021-12-14 CVE-2021-43820 Authorization Bypass Through User-Controlled Key vulnerability in Seafile Server
Seafile is an open source cloud storage system.
network
seafile CWE-639
4.3
2021-12-01 CVE-2021-3964 Authorization Bypass Through User-Controlled Key vulnerability in Elgg
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
network
elgg CWE-639
4.3
2021-11-30 CVE-2021-36329 Authorization Bypass Through User-Controlled Key vulnerability in Dell EMC Streaming Data Platform
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability.
network
low complexity
dell CWE-639
4.0
2021-11-23 CVE-2021-24892 Authorization Bypass Through User-Controlled Key vulnerability in Advanced Forms Project Advanced Forms
Insecure Direct Object Reference in the edit function of Advanced Forms (Free & Pro) before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account.
network
low complexity
advanced-forms-project CWE-639
6.5
2021-11-19 CVE-2021-22951 Authorization Bypass Through User-Controlled Key vulnerability in Concretecms Concrete CMS
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7.
network
low complexity
concretecms CWE-639
5.0
2021-11-19 CVE-2021-22967 Authorization Bypass Through User-Controlled Key vulnerability in Concretecms Concrete CMS
In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message". Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Credit for discovery Adrian H
network
low complexity
concretecms CWE-639
5.0