Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-24 | CVE-2023-33706 | Authorization Bypass Through User-Controlled Key vulnerability in Sysaid SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 6.5 |
2023-11-22 | CVE-2023-47316 | Authorization Bypass Through User-Controlled Key vulnerability in H-Mdm Headwind MDM 5.22.1 Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. | 5.4 |
2023-11-21 | CVE-2023-48304 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 4.3 |
2023-11-21 | CVE-2023-6144 | Authorization Bypass Through User-Controlled Key vulnerability in Armanidrisi DEV Blog 1.0 Dev blog v1.0 allows account takeover through the "user" cookie. | 4.8 |
2023-11-20 | CVE-2023-38884 | Authorization Bypass Through User-Controlled Key vulnerability in Os4Ed Opensis 9.0 An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' | 7.5 |
2023-11-14 | CVE-2023-43900 | Authorization Bypass Through User-Controlled Key vulnerability in Emsigner 2.8.7 Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters. | 6.5 |
2023-11-14 | CVE-2023-46446 | Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." | 6.8 |
2023-11-09 | CVE-2023-5544 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | 5.4 |
2023-11-07 | CVE-2023-45380 | Authorization Bypass Through User-Controlled Key vulnerability in Silbersaiten Order Duplicator 1.1.7 In the module "Order Duplicator - Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. | 8.8 |
2023-11-03 | CVE-2023-38965 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Lost and Found Information System 1.0 Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | 9.8 |