Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2022-03-27 CVE-2022-26254 Authorization Bypass Through User-Controlled Key vulnerability in Wowonder 4.0
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.
network
low complexity
wowonder CWE-639
5.3
2022-03-16 CVE-2021-43957 Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding.
network
low complexity
atlassian CWE-639
7.5
2022-03-07 CVE-2022-0442 Authorization Bypass Through User-Controlled Key vulnerability in Ayecode Userswp
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar.
network
low complexity
ayecode CWE-639
4.3
2022-03-03 CVE-2022-25471 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr 6.0.0
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
network
low complexity
open-emr CWE-639
8.1
2022-02-24 CVE-2022-0732 Authorization Bypass Through User-Controlled Key vulnerability in 1Byte products
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
network
low complexity
1byte CWE-639
7.5
2022-02-23 CVE-2022-0731 Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
network
low complexity
dolibarr CWE-639
6.5
2022-02-19 CVE-2022-24979 Authorization Bypass Through User-Controlled Key vulnerability in Mittwald Varnishcache
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3.
network
low complexity
mittwald CWE-639
5.3
2022-02-18 CVE-2022-25336 Authorization Bypass Through User-Controlled Key vulnerability in Ibexa EZ Platform Kernel
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
network
low complexity
ibexa CWE-639
5.3
2022-02-16 CVE-2022-0613 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
network
low complexity
uri-js-project fedoraproject CWE-639
6.5
2022-02-15 CVE-2021-46249 Authorization Bypass Through User-Controlled Key vulnerability in Scratchoauth2 Project Scratchoauth2
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.
network
low complexity
scratchoauth2-project CWE-639
6.5