Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-9756 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 7.5 |
| 2019-04-17 | CVE-2019-9219 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 4.3 |
| 2019-04-17 | CVE-2019-9170 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 5.0 |
| 2019-03-29 | CVE-2019-9921 | Authorization Bypass Through User-Controlled Key vulnerability in Harmistechnology JE Messenger 1.2.2 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. | 6.5 |
| 2019-03-21 | CVE-2019-6716 | Authorization Bypass Through User-Controlled Key vulnerability in Logonbox Nervepoint Access Manager 1.2/1.3/1.4 An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request. | 7.5 |
| 2018-12-23 | CVE-2018-20405 | Authorization Bypass Through User-Controlled Key vulnerability in Bigtreecms Bigtree 4.3 BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. | 2.7 |
| 2018-09-12 | CVE-2018-16971 | Authorization Bypass Through User-Controlled Key vulnerability in Wisetail Learning Management System Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | 4.0 |
| 2018-09-10 | CVE-2018-16608 | Authorization Bypass Through User-Controlled Key vulnerability in Monstra 3.0.4 In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR). | 4.0 |
| 2018-09-07 | CVE-2018-16704 | Authorization Bypass Through User-Controlled Key vulnerability in Gleeztech Gleezcms 1.3.0 An issue was discovered in Gleez CMS v1.2.0. | 4.0 |
| 2018-09-06 | CVE-2018-16606 | Authorization Bypass Through User-Controlled Key vulnerability in Proconf In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | 4.0 |