Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,771)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-9921 1Harmistechnology 1Je Messenger Nov 21, 2024 Mar 29, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.
CVE-2019-9938 1Ushareit 1Shareit Nov 21, 2024 Mar 22, 2019 N/A· v4 5.3 MEDIUM· v3 2.9 LOW· v2 The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary fi...Show more The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device."Show less
CVE-2019-6716 1Logonbox 1Nervepoint Access Manager Nov 21, 2024 Mar 21, 2019 N/A· v4 9.4 CRITICAL· v3 7.5 HIGH· v2 An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names,...Show more An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.Show less
CVE-2018-20405 1Bigtreecms 1Bigtree Nov 21, 2024 Dec 23, 2018 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level acces...Show more BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP.Show less
CVE-2018-16971 1Wisetail 1Learning Management System Nov 21, 2024 Sep 12, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
CVE-2018-16608 1Monstra 1Monstra Nov 21, 2024 Sep 10, 2018 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).
CVE-2018-16704 1Gleeztech 1Gleezcms Nov 21, 2024 Sep 7, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating...Show more An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.Show less
CVE-2018-16606 1Proconf 1Proconf Nov 21, 2024 Sep 6, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Posit...Show more In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).Show less
CVE-2018-15833 1Vanillaforums 1Vanilla Forums Nov 21, 2024 Aug 26, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
CVE-2017-3183 1Sage 1Xrt Treasury Nov 21, 2024 Jul 24, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business...Show more Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database.Show less
CVE-2018-1000210 1Yamldotnet Project 1Yamldotnet Nov 21, 2024 Jul 13, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type....Show more YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.Show less
CVE-2018-10211 1Vaultize 1Enterprise File Sharing May 30, 2025 Apr 25, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
CVE-2017-0936 1Nextcloud 1Nextcloud Server Nov 21, 2024 Mar 28, 2018 N/A· v4 5.7 MEDIUM· v3 4.9 MEDIUM· v2 Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other us...Show more Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user.Show less
CVE-2017-0920 1Gitlab 1Gitlab Nov 21, 2024 Mar 22, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see eve...Show more GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.Show less
CVE-2017-0922 1Gitlab 1Gitlab Nov 21, 2024 Mar 21, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
CVE-2017-15211 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVE-2017-15209 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
CVE-2017-15208 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVE-2017-15207 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVE-2017-15206 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.

Previous 1...85 86 878889 Next