Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-23 | CVE-2018-20405 | Authorization Bypass Through User-Controlled Key vulnerability in Bigtreecms Bigtree 4.3 BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. | 2.7 |
2018-09-12 | CVE-2018-16971 | Authorization Bypass Through User-Controlled Key vulnerability in Wisetail Learning Management System Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | 4.3 |
2018-09-10 | CVE-2018-16608 | Authorization Bypass Through User-Controlled Key vulnerability in Monstra 3.0.4 In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR). | 8.8 |
2018-09-07 | CVE-2018-16704 | Authorization Bypass Through User-Controlled Key vulnerability in Gleeztech Gleezcms 1.3.0 An issue was discovered in Gleez CMS v1.2.0. | 4.3 |
2018-09-06 | CVE-2018-16606 | Authorization Bypass Through User-Controlled Key vulnerability in Proconf In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | 6.5 |
2018-08-26 | CVE-2018-15833 | Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | 4.3 |
2018-07-13 | CVE-2018-1000210 | Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. | 7.8 |
2018-04-25 | CVE-2018-10211 | Authorization Bypass Through User-Controlled Key vulnerability in Vaultize Enterprise File Sharing 17.05.31 An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.3 |
2018-03-28 | CVE-2017-0936 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. | 5.7 |
2017-10-11 | CVE-2017-15211 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | 4.3 |