Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-11-07 | CVE-2019-17605 | Authorization Bypass Through User-Controlled Key vulnerability in Eyecomms Eyecms 20191015 | A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. | 8.8 |
2019-11-07 | CVE-2019-17604 | Authorization Bypass Through User-Controlled Key vulnerability in Eyecomms Eyecms 20191015 | An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter). | 4.3 |
2019-10-30 | CVE-2019-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. | 6.5 |
2019-10-14 | CVE-2019-17574 | Authorization Bypass Through User-Controlled Key vulnerability in Code-Atlantic Popup Maker | An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. | 9.1 |
2019-10-09 | CVE-2019-17382 | Authorization Bypass Through User-Controlled Key vulnerability in Zabbix | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. | 9.1 |
2019-09-30 | CVE-2019-17050 | Authorization Bypass Through User-Controlled Key vulnerability in Thecontrolgroup Voyager | An issue was discovered in the Voyager package through 1.2.7 for Laravel. | 7.2 |
2019-09-23 | CVE-2019-16723 | Authorization Bypass Through User-Controlled Key vulnerability in Cacti | In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. | 4.3 |
2019-09-18 | CVE-2019-16403 | Authorization Bypass Through User-Controlled Key vulnerability in Webkul Bagisto | In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | 8.8 |
2019-09-16 | CVE-2019-15725 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. | 7.5 |
2019-09-11 | CVE-2019-14725 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.851 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. | 4.3 |