Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-38884 Authorization Bypass Through User-Controlled Key vulnerability in Os4Ed Opensis 9.0
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'
network
low complexity
os4ed CWE-639
7.5
2023-11-14 CVE-2023-43900 Authorization Bypass Through User-Controlled Key vulnerability in Emsigner 2.8.7
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters.
network
low complexity
emsigner CWE-639
6.5
2023-11-14 CVE-2023-46446 Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
network
high complexity
asyncssh-project CWE-639
6.8
2023-11-09 CVE-2023-5544 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
network
low complexity
moodle redhat fedoraproject CWE-639
5.4
2023-11-07 CVE-2023-45380 Authorization Bypass Through User-Controlled Key vulnerability in Silbersaiten Order Duplicator 1.1.7
In the module "Order Duplicator - Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction.
network
low complexity
silbersaiten CWE-639
8.8
2023-11-03 CVE-2023-41356 Authorization Bypass Through User-Controlled Key vulnerability in Wisdomgarden Tronclass Ilearn 1.62.41849
NCSIST ManageEngine Mobile Device Manager (MDM) app's special function has a path traversal vulnerability.
network
low complexity
wisdomgarden CWE-639
6.5
2023-11-03 CVE-2023-38965 Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Lost and Found Information System 1.0
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
network
low complexity
oretnom23 CWE-639
critical
9.8
2023-10-31 CVE-2023-4836 Authorization Bypass Through User-Controlled Key vulnerability in Userprivatefiles Wordpress File Sharing Plugin
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs which can easily be brute forced.
network
low complexity
userprivatefiles CWE-639
4.3
2023-10-30 CVE-2023-46478 Authorization Bypass Through User-Controlled Key vulnerability in Minical 1.0.0
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.
network
low complexity
minical CWE-639
8.8
2023-10-19 CVE-2022-24400 Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.
high complexity
midnightblue CWE-639
5.9