Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-07 | CVE-2023-45380 | Authorization Bypass Through User-Controlled Key vulnerability in Silbersaiten Order Duplicator 1.1.7 In the module "Order Duplicator - Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. | 8.8 |
2023-11-03 | CVE-2023-38965 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Lost and Found Information System 1.0 Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | 9.8 |
2023-10-31 | CVE-2023-4836 | Authorization Bypass Through User-Controlled Key vulnerability in Userprivatefiles Wordpress File Sharing Plugin The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute forced. | 4.3 |
2023-10-30 | CVE-2023-46478 | Authorization Bypass Through User-Controlled Key vulnerability in Minical 1.0.0 An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. | 8.8 |
2023-10-19 | CVE-2022-24400 | Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | 5.9 |
2023-10-19 | CVE-2022-24401 | Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. | 8.1 |
2023-10-16 | CVE-2023-43668 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Inlong Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize", "allowLoadLocalInfile"... Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604 | 9.8 |
2023-10-13 | CVE-2023-45393 | Authorization Bypass Through User-Controlled Key vulnerability in Grandingteco Utime Master 9.0.7 An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. | 6.5 |
2023-10-11 | CVE-2023-45396 | Authorization Bypass Through User-Controlled Key vulnerability in Elenos Etg150 Firmware 3.12 An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. | 6.5 |
2023-10-10 | CVE-2023-44249 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 |