Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-12 | CVE-2024-25270 | Authorization Bypass Through User-Controlled Key vulnerability in Mirapolis LMS An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | 4.3 |
2024-09-12 | CVE-2024-3306 | Authorization Bypass Through User-Controlled Key vulnerability in Utarit Soliclub Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | 7.5 |
2024-09-11 | CVE-2024-27113 | Authorization Bypass Through User-Controlled Key vulnerability in Soplanning An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
2024-09-11 | CVE-2024-45786 | Authorization Bypass Through User-Controlled Key vulnerability in Reedos Aim-Star 2.0.1 This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. | 6.5 |
2024-09-10 | CVE-2023-44254 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request. | 6.5 |
2024-09-06 | CVE-2024-8428 | Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Forumwp The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. | 8.8 |
2024-09-06 | CVE-2024-8292 | Authorization Bypass Through User-Controlled Key vulnerability in Plechevandrey Wp-Recall The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. | 9.8 |
2024-09-04 | CVE-2024-8123 | Authorization Bypass Through User-Controlled Key vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. | 5.4 |
2024-08-29 | CVE-2024-45232 | Authorization Bypass Through User-Controlled Key vulnerability in In2Code Powermail An issue was discovered in powermail extension through 12.3.5 for TYPO3. | 5.3 |
2024-08-27 | CVE-2024-40395 | Authorization Bypass Through User-Controlled Key vulnerability in PTC Thingworx 9.5.0 An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. | 6.5 |