Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-8290

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-25 Sep, 2024 | 06:49
Updated At-25 Sep, 2024 | 13:21
Rejected At-
Credits

WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. This makes it possible for authenticated attackers, with subscriber/customer-level access and above, to change the email address of administrator user accounts which allows them to reset the password and access the administrator account.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:25 Sep, 2024 | 06:49
Updated At:25 Sep, 2024 | 13:21
Rejected At:
▼CVE Numbering Authority (CNA)
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. This makes it possible for authenticated attackers, with subscriber/customer-level access and above, to change the email address of administrator user accounts which allows them to reset the password and access the administrator account.

Affected Products
Vendor
wclovers
Product
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Default Status
unaffected
Versions
Affected
  • From * through 6.7.12 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
wesley
Timeline
EventDate
Disclosed2024-09-24 17:50:38
Event: Disclosed
Date: 2024-09-24 17:50:38
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/79172fe3-c0cf-48c4-8bc5-862c628c1a09?source=cve
N/A
https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.12/controllers/customers/wcfm-controller-customers-manage.php#L97
N/A
https://plugins.trac.wordpress.org/changeset/3156433/wc-frontend-manager/trunk/controllers/customers/wcfm-controller-customers-manage.php
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/79172fe3-c0cf-48c4-8bc5-862c628c1a09?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.12/controllers/customers/wcfm-controller-customers-manage.php#L97
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3156433/wc-frontend-manager/trunk/controllers/customers/wcfm-controller-customers-manage.php
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
wclovers
Product
frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
CPEs
  • cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 6.7.12 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:25 Sep, 2024 | 07:15
Updated At:02 Oct, 2024 | 18:23

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. This makes it possible for authenticated attackers, with subscriber/customer-level access and above, to change the email address of administrator user accounts which allows them to reset the password and access the administrator account.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
wclovers
wclovers
>>frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible>>Versions before 6.7.13(exclusive)
cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-639Primarysecurity@wordfence.com
CWE ID: CWE-639
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.12/controllers/customers/wcfm-controller-customers-manage.php#L97security@wordfence.com
Product
https://plugins.trac.wordpress.org/changeset/3156433/wc-frontend-manager/trunk/controllers/customers/wcfm-controller-customers-manage.phpsecurity@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/79172fe3-c0cf-48c4-8bc5-862c628c1a09?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.12/controllers/customers/wcfm-controller-customers-manage.php#L97
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://plugins.trac.wordpress.org/changeset/3156433/wc-frontend-manager/trunk/controllers/customers/wcfm-controller-customers-manage.php
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/79172fe3-c0cf-48c4-8bc5-862c628c1a09?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

80Records found
CVE-2024-48217
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.39%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 00:00
Updated-05 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation.

Action-Not Available
Vendor-n/asismart
Product-n/acms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-47316
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:27
Updated-11 Apr, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.9.

Action-Not Available
Vendor-salonbookingsystemSalon Booking System
Product-salon_booking_systemSalon booking system
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-2883
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.01%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:20
Updated-15 Jan, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in CBOT's Chatbot

Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

Action-Not Available
Vendor-CBOT
Product-cbot_panelcbot_coreChatbot
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-4934
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.64%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 07:35
Updated-23 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Usta AYBS

Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.This issue affects AYBS: before 1.0.3.

Action-Not Available
Vendor-ustaUsta
Product-aybsAYBS
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-43266
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 21:34
Updated-05 Feb, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.6 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal.This issue affects WP Job Portal: from n/a through 2.1.6.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-49251
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.62%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-14 Nov, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-2260
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorization Bypass Through User-Controlled Key in alfio-event/alf.io

Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

Action-Not Available
Vendor-alfalfio-event
Product-alfalfio-event/alf.io
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-23679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 5.78%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 14:21
Updated-18 Oct, 2024 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7.

Action-Not Available
Vendor-jshelpdeskJS Help Desk
Product-jshelpdeskJS Help Desk
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-2808
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 01:49
Updated-16 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Prens Student Information System

Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.

Action-Not Available
Vendor-alganAlgan Software
Product-prens_student_information_systemPrens Student Information System
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-2824
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.58%
||
7 Day CHG~0.00%
Published-15 Aug, 2022 | 15:50
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorization Bypass Through User-Controlled Key in openemr/openemr

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

Action-Not Available
Vendor-OpenEMR Foundation, Inc
Product-openemropenemr/openemr
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-40355
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.52%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.

Action-Not Available
Vendor-Siemens AG
Product-teamcenter_visualizationTeamcenter V12.4Teamcenter V13.0Teamcenter V13.2Teamcenter V13.1
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-42455
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.95%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 16:30
Updated-19 Sep, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh vulnerable to user privilege escalation

Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuh-dashboardwazuh-kibana-appwazuh-kibana-appwazuh-dashboardwazuh-kibana-app
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-41847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.03%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 22:25
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software.

Action-Not Available
Vendor-3xlogicn/a
Product-infinias_access_controln/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-41298
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.23% / 46.01%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 10:41
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOA BAS controller - Improper Access Control

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.

Action-Not Available
Vendor-ecoaECOA
Product-ecs_router_controller-ecs_firmwareecs_router_controller-ecsriskbusterriskterminatorriskbuster_firmwareECS Router Controller ECS (FLASH)RiskBuster System RB 3.0.0RiskBuster System TRANE 1.0Graphic Control SoftwareRiskBuster Terminator E6L45SmartHome II E9246RiskTerminator
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-9637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.60%
||
7 Day CHG+0.05%
Published-26 Oct, 2024 | 08:36
Updated-10 Jul, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
School Management System – WPSchoolPress <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

Action-Not Available
Vendor-igexsolutionsjdsofttechjdsofttech
Product-wpschoolpressSchool Management System – WPSchoolPressschool_management_system
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-2193
Matching Score-4
Assigner-HYPR Corp
ShareView Details
Matching Score-4
Assigner-HYPR Corp
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.89%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 14:07
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.

Action-Not Available
Vendor-hyprHYPR
Product-hypr_serverHYPR Server
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-3288
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.5||HIGH
EPSS-0.19% / 41.49%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:30
Updated-26 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.

Action-Not Available
Vendor-easyappointments
Product-easyappointmentseasyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-2702
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.01%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 19:14
Updated-17 Jan, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Finex Media's Competition Management System

Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07.

Action-Not Available
Vendor-finexmediaFinex Media
Product-competition_management_systemCompetition Management System
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-16403
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.76%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 11:49
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

Action-Not Available
Vendor-n/aWebkul Software Pvt. Ltd.
Product-bagiston/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-37214
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.48%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 09:15
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-3

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator privilege and execute arbitrary command.

Action-Not Available
Vendor-larvataLarvata Digital Technology Co. Ltd.
Product-flygoFLYGO
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-33223
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.11%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.

Action-Not Available
Vendor-seeddmsn/a
Product-seeddmsn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-38701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.20%
||
7 Day CHG-0.02%
Published-22 Jul, 2024 | 10:14
Updated-14 Aug, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.

Action-Not Available
Vendor-kodezenAcademy LMSkodezen
Product-academy_lmsAcademy LMSacademy_lms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-35659
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.62%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 16:09
Updated-26 Nov, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KiviCare plugin <= 3.6.2 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects KiviCare: from n/a through 3.6.2.

Action-Not Available
Vendor-iqonic
Product-kivicareKiviCare
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-32808
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:18
Updated-04 Feb, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-32772
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.48%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:19
Updated-04 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.

Action-Not Available
Vendor-Metagauss Inc.WordPress.org
Product-profilegridProfileGrid profile_grid
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-17605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.29%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 15:21
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.

Action-Not Available
Vendor-eyecommsn/a
Product-eyecmsn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-45927
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-04 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.

Action-Not Available
Vendor-n/aOpen Text Corporation
Product-opentext_extended_ecmn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-34520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.70%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-13 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-23722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.07%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 13:36
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-32166
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.10%
||
7 Day CHG+0.01%
Published-19 Apr, 2024 | 00:00
Updated-03 Jun, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).

Action-Not Available
Vendor-webidsupportn/awebidsupport
Product-webidn/awebid
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • Next
Details not found