CWE-639

1,771 CVEs • Abstraction: Base • Likelihood of Exploit: High

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.


CVEs (1,771)

Each entry below lists: Vendors | Products | Updated | Published | CVSS (v4 / v3 / v2), followed by the CVE description.
Vendors: Wisdomgarden | Products: Tronclass Ilearn | Updated: Nov 21, 2024 | Published: Mar 27, 2023 | CVSS: v4 N/A / v3 6.5 MEDIUM / v2 N/A
WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL.
Vendors: Ladybirdweb | Products: Faveo Servicedesk | Updated: Feb 21, 2025 | Published: Mar 24, 2023 | CVSS: v4 N/A / v3 6.5 MEDIUM / v2 N/A
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
Vendors: Debian, Dino, Fedoraproject | Products: Debian Linux, Dino, Fedora | Updated: Feb 19, 2025 | Published: Mar 24, 2023 | CVSS: v4 N/A / v3 7.1 HIGH / v2 N/A
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
Vendors: Moodle | Products: Moodle | Updated: Nov 21, 2024 | Published: Mar 23, 2023 | CVSS: v4 N/A / v3 4.3 MEDIUM / v2 N/A
Authenticated users were able to enumerate other users' names via the learning plans page.
Vendors: Vadi | Products: Digikent | Updated: Jun 1, 2026 | Published: Mar 21, 2023 | CVSS: v4 N/A / v3 8.8 HIGH / v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20.
Vendors: Woocommerce Multiple Customer Addresses & Shipping Project | Products: Woocommerce Multiple Customer Addresses & Shipping | Updated: Feb 26, 2025 | Published: Mar 20, 2023 | CVSS: v4 N/A / v3 8.8 HIGH / v2 N/A
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.
Vendors: Teampass | Products: Teampass | Updated: Nov 21, 2024 | Published: Mar 17, 2023 | CVSS: v4 N/A / v3 5.4 MEDIUM / v2 N/A
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
Vendors: Play With Docker | Products: Play With Docker | Updated: Nov 21, 2024 | Published: Mar 16, 2023 | CVSS: v4 N/A / v3 6.5 MEDIUM / v2 N/A
Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-with-docker.com`. The domain would echo in response header, which successfully bypassed the CORS policy and retrieved basic user information. This issue has been fixed in commit ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a. There are no known workarounds.
Vendors: Moodle | Products: Moodle | Updated: Mar 7, 2025 | Published: Mar 6, 2023 | CVSS: v4 N/A / v3 5.3 MEDIUM / v2 N/A
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
Vendors: Yf Exam Project | Products: Yf Exam | Updated: Mar 7, 2025 | Published: Mar 3, 2023 | CVSS: v4 N/A / v3 7.5 HIGH / v2 N/A
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication.
Vendors: Krontech | Products: Single Connect | Updated: Jun 1, 2026 | Published: Feb 17, 2023 | CVSS: v4 N/A / v3 8.8 HIGH / v2 N/A
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16.
Vendors: Nextcloud | Products: Mail | Updated: Nov 21, 2024 | Published: Feb 13, 2023 | CVSS: v4 N/A / v3 5.3 MEDIUM / v2 N/A
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.
Vendors: Biltema | Products: Baby Camera Firmware, Ip Camera Firmware | Updated: Mar 26, 2025 | Published: Feb 3, 2023 | CVSS: v4 N/A / v3 7.5 HIGH / v2 N/A
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.
Vendors: Contentstudio | Products: Contentstudio | Updated: Apr 8, 2026 | Published: Jan 27, 2023 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 N/A
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.
Vendors: Thingsforrestaurants | Products: Quick Restaurant Menu | Updated: Apr 8, 2026 | Published: Jan 27, 2023 | CVSS: v4 N/A / v3 4.3 MEDIUM / v2 N/A
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.
Vendors: Instructure | Products: Canvas Learning Management Service | Updated: Nov 21, 2024 | Published: Jan 26, 2023 | CVSS: v4 N/A / v3 6.5 MEDIUM / v2 N/A
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
Vendors: Opentext | Products: Opentext Extended Ecm | Updated: Apr 4, 2025 | Published: Jan 18, 2023 | CVSS: v4 N/A / v3 8.8 HIGH / v2 N/A
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
Vendors: Lsoft | Products: Listserv | Updated: Apr 4, 2025 | Published: Jan 17, 2023 | CVSS: v4 N/A / v3 7.5 HIGH / v2 N/A
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
Vendors: Nextcloud | Products: Deck | Updated: Nov 21, 2024 | Published: Jan 14, 2023 | CVSS: v4 N/A / v3 4.3 MEDIUM / v2 N/A
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.
Vendors: Usememos | Products: Memos | Updated: Nov 21, 2024 | Published: Dec 28, 2022 | CVSS: v4 N/A / v3 6.5 MEDIUM / v2 N/A
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.