CWE-639
1,734 CVEs • Abstraction: Base • Likelihood of Exploit: High
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVEs (1,734)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | | | | | | An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. |
| | | | | | | Unauthenticated attackers can rename "rooms" of arbitrary users. |
| | | | | | | Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers). |
| | | | | | | An unauthenticated attacker can hijack other users' devices and potentially control them. |
| | | | | | | An attacker can export other users' plant information. |
| | | | | | | Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). |
| | | | | | | An authenticated attacker can obtain any plant name by knowing the plant ID. |
| | | | | | | An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. |
| | | | | | | An unauthenticated attacker can check the existence of usernames in the system by querying an API. |
| | | | | | | An unauthenticated attacker can obtain a user's plant list by knowing the username. |
| | | | | | | Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes"). |
| | | | | | | An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username. |
| | | | | | | An attacker can change registered email addresses of other users and take over arbitrary accounts. |
| | | | | | | Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). |
| | | | | | | An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request. |
| | | | | | | An unauthenticated attacker can infer the existence of usernames in the system by querying an API. |
| | | | | | | Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" e... |
| | | | | | | Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoi... |
| | Tutorials Website | Employee Management System | Jun 5, 2025 | Apr 13, 2025 | 6.9 MEDIUM (v4) · 5.3 MEDIUM (v3) · 5.0 MEDIUM (v2) | A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID lead... |
| | Tutorials Website | Employee Management System | Jun 5, 2025 | Apr 13, 2025 | 6.9 MEDIUM (v4) · 6.5 MEDIUM (v3) · 6.4 MEDIUM (v2) | A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the a... |