Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-2190 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1.
network
low complexity
gitlab CWE-639
6.5
2023-07-10 CVE-2023-3219 Authorization Bypass Through User-Controlled Key vulnerability in Myeventon Eventon
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
network
low complexity
myeventon CWE-639
5.3
2023-07-06 CVE-2023-37242 Authorization Bypass Through User-Controlled Key vulnerability in Huawei Emui and Harmonyos
Vulnerability of commands from the modem being intercepted in the atcmdserver module.
network
low complexity
huawei CWE-639
critical
9.8
2023-07-05 CVE-2022-42175 Authorization Bypass Through User-Controlled Key vulnerability in Soluslabs Solusvm 4.1.2
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.
network
low complexity
soluslabs CWE-639
8.8
2023-06-20 CVE-2023-26428 Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite Backend
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context.
network
low complexity
open-xchange CWE-639
6.5
2023-06-07 CVE-2021-33223 Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.
network
low complexity
seeddms CWE-639
8.8
2023-06-05 CVE-2023-33956 Authorization Bypass Through User-Controlled Key vulnerability in Kanboard
Kanboard is open source project management software that focuses on the Kanban methodology.
network
low complexity
kanboard CWE-639
6.5
2023-06-05 CVE-2023-3066 Authorization Bypass Through User-Controlled Key vulnerability in Mobatime Amxgt 100 1.3.20
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.
network
low complexity
mobatime CWE-639
8.1
2023-06-01 CVE-2023-32310 Authorization Bypass Through User-Controlled Key vulnerability in Dataease
DataEase is an open source data visualization and analysis tool.
network
low complexity
dataease CWE-639
8.1
2023-05-30 CVE-2022-36247 Authorization Bypass Through User-Controlled Key vulnerability in Shopbeat Shop Beat Media Player 2.5.95
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.
network
low complexity
shopbeat CWE-639
critical
9.1