Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-23 | CVE-2021-24562 | Authorization Bypass Through User-Controlled Key vulnerability in Lifterlms The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades | 7.5 |
| 2021-08-16 | CVE-2021-37709 | Authorization Bypass Through User-Controlled Key vulnerability in Shopware Shopware is an open source eCommerce platform. | 4.0 |
| 2021-08-09 | CVE-2021-37212 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 5.5 |
| 2021-08-09 | CVE-2021-37213 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 4.0 |
| 2021-08-09 | CVE-2021-37214 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 6.5 |
| 2021-08-09 | CVE-2021-37215 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 4.0 |
| 2021-08-04 | CVE-2021-36801 | Authorization Bypass Through User-Controlled Key vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. | 5.5 |
| 2021-08-02 | CVE-2021-24473 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles). | 5.5 |
| 2021-07-21 | CVE-2021-32744 | Authorization Bypass Through User-Controlled Key vulnerability in Collabora Online 6.4.0 Collabora Online is a collaborative online office suite. | 5.0 |
| 2021-07-01 | CVE-2021-35337 | Authorization Bypass Through User-Controlled Key vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0 Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). | 4.0 |