Vulnerabilities > Authorization Bypass Through User-Controlled Key

| Date | CVE | Vulnerability title | Description | Vendor / CWE | Risk |
|---|---|---|---|---|---|
| 2018-12-23 | CVE-2018-20405 | Authorization Bypass Through User-Controlled Key vulnerability in Bigtreecms Bigtree 4.3 | BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. | bigtreecms, CWE-639 | network, low complexity, 2.7 |
| 2018-09-12 | CVE-2018-16971 | Authorization Bypass Through User-Controlled Key vulnerability in Wisetail Learning Management System | Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | wisetail, CWE-639 | network, low complexity, 4.3 |
| 2018-09-10 | CVE-2018-16608 | Authorization Bypass Through User-Controlled Key vulnerability in Monstra 3.0.4 | In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an Insecure Direct Object Reference (IDOR) in admin/index.php?id=users&action=edit&user_id=1. | monstra, CWE-639 | network, low complexity, 8.8 |
| 2018-09-07 | CVE-2018-16704 | Authorization Bypass Through User-Controlled Key vulnerability in Gleeztech Gleezcms 1.3.0 | An issue was discovered in Gleez CMS v1.2.0. | gleeztech, CWE-639 | network, low complexity, 4.3 |
| 2018-09-06 | CVE-2018-16606 | Authorization Bypass Through User-Controlled Key vulnerability in Proconf | In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | proconf, CWE-639 | network, low complexity, 6.5 |
| 2018-08-26 | CVE-2018-15833 | Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums | In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | vanillaforums, CWE-639 | network, low complexity, 4.3 |
| 2018-07-13 | CVE-2018-1000210 | Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet | YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiate them. | yamldotnet-project, CWE-639 | local, low complexity, 7.8 |
| 2018-04-25 | CVE-2018-10211 | Authorization Bypass Through User-Controlled Key vulnerability in Vaultize Enterprise File Sharing 17.05.31 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | vaultize, CWE-639 | network, low complexity, 5.3 |
| 2018-03-28 | CVE-2017-0936 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server | Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. | nextcloud, CWE-639 | network, low complexity, 5.7 |
| 2017-10-11 | CVE-2017-15211 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | kanboard, CWE-639 | network, low complexity, 4.3 |