Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-30 | CVE-2019-17050 | Authorization Bypass Through User-Controlled Key vulnerability in Thecontrolgroup Voyager An issue was discovered in the Voyager package through 1.2.7 for Laravel. | 7.2 |
| 2019-09-23 | CVE-2019-16723 | Authorization Bypass Through User-Controlled Key vulnerability in Cacti In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. | 4.3 |
| 2019-09-18 | CVE-2019-16403 | Authorization Bypass Through User-Controlled Key vulnerability in Webkul Bagisto In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | 8.8 |
| 2019-09-16 | CVE-2019-15725 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. | 7.5 |
| 2019-09-11 | CVE-2019-14725 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. | 4.3 |
| 2019-09-11 | CVE-2019-14724 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. | 7.5 |
| 2019-09-10 | CVE-2019-14721 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. | 6.5 |
| 2019-08-21 | CVE-2019-14246 | Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. | 6.5 |
| 2019-08-21 | CVE-2019-14245 | Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. | 6.5 |
| 2019-08-12 | CVE-2019-14932 | Authorization Bypass Through User-Controlled Key vulnerability in Humanica Humatrix 7 1.0.0.203/1.0.0.681 The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. | 7.5 |