Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2023-11-24 CVE-2023-33706 Authorization Bypass Through User-Controlled Key vulnerability in Sysaid
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
network
low complexity
sysaid CWE-639
6.5
2023-11-22 CVE-2023-47316 Authorization Bypass Through User-Controlled Key vulnerability in H-Mdm Headwind MDM 5.22.1
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control.
network
low complexity
h-mdm CWE-639
5.4
2023-11-21 CVE-2023-48304 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.
network
low complexity
nextcloud CWE-639
4.3
2023-11-21 CVE-2023-6144 Authorization Bypass Through User-Controlled Key vulnerability in Armanidrisi DEV Blog 1.0
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie.
network
high complexity
armanidrisi CWE-639
4.8
2023-11-20 CVE-2023-38884 Authorization Bypass Through User-Controlled Key vulnerability in Os4Ed Opensis 9.0
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'
network
low complexity
os4ed CWE-639
7.5
2023-11-14 CVE-2023-43900 Authorization Bypass Through User-Controlled Key vulnerability in Emsigner 2.8.7
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters.
network
low complexity
emsigner CWE-639
6.5
2023-11-14 CVE-2023-46446 Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
network
high complexity
asyncssh-project CWE-639
6.8
2023-11-09 CVE-2023-5544 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
network
low complexity
moodle redhat fedoraproject CWE-639
5.4
2023-11-07 CVE-2023-45380 Authorization Bypass Through User-Controlled Key vulnerability in Silbersaiten Order Duplicator 1.1.7
In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction.
network
low complexity
silbersaiten CWE-639
8.8
2023-11-03 CVE-2023-38965 Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Lost and Found Information System 1.0
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
network
low complexity
oretnom23 CWE-639
critical
9.8