Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-03 | CVE-2021-24831 | Forced Browsing vulnerability in Rich-Web TAB: All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. | 7.5 |
2021-11-08 | CVE-2021-24695 | Forced Browsing vulnerability in Tipsandtricks-Hq Simple Download Monitor: The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs containing sensitive information such as IP addresses and usernames. | 7.5 |
2021-11-05 | CVE-2021-42671 | Forced Browsing vulnerability in Engineers Online Portal Project Engineers Online Portal: An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. | 7.5 |
2021-11-02 | CVE-2021-36560 | Forced Browsing vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0: Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. | 9.8 |
2021-10-15 | CVE-2018-16060 | Forced Browsing vulnerability in Mitsubishielectric Smartrtu Firmware: Mitsubishi Electric Europe B.V. | 7.5 |
2021-09-29 | CVE-2021-36745 | Forced Browsing vulnerability in Trendmicro Serverprotect 5.8/6.0: A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. | 9.8 |
2021-09-22 | CVE-2021-40875 | Forced Browsing vulnerability in Gurock Testrail: Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. | 7.5 |
2021-08-03 | CVE-2021-26085 | Forced Browsing vulnerability in Atlassian Confluence Server: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. | 5.3 |
2021-07-30 | CVE-2021-20114 | Forced Browsing vulnerability in Tecnick Tcexam: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. | 7.5 |
2021-05-06 | CVE-2021-28150 | Forced Browsing vulnerability in Hongdian H8922 Firmware 3.0.5: Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. | 5.5 |