Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-7347

Summary
Assigner-TR-CERT
Assigner Org ID-ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At-10 Feb, 2026 | 14:08
Updated At-05 Jun, 2026 | 13:48
Rejected At-
Credits

IDOR in Dinibh Puzzle's Dinibh Patrol Tracking System

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TR-CERT
Assigner Org ID:ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At:10 Feb, 2026 | 14:08
Updated At:05 Jun, 2026 | 13:48
Rejected At:
▼CVE Numbering Authority (CNA)
IDOR in Dinibh Puzzle's Dinibh Patrol Tracking System

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Dinibh Puzzle Software Solutions
Product
Dinibh Patrol Tracking System
Default Status
unknown
Versions
Affected
  • From 0 through 10022026 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-21CAPEC-21 Exploitation of Trusted Identifiers
CAPEC ID: CAPEC-21
Description: CAPEC-21 Exploitation of Trusted Identifiers
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Berfin BABAYİĞİT
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.usom.gov.tr/bildirim/tr-26-0051
government-resource
broken-link
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0051
government-resource
Hyperlink: https://www.usom.gov.tr/bildirim/tr-26-0051
Resource:
government-resource
broken-link
Hyperlink: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0051
Resource:
government-resource
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:iletisim@usom.gov.tr
Published At:10 Feb, 2026 | 15:16
Updated At:05 Jun, 2026 | 15:16

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-639Secondaryiletisim@usom.gov.tr
CWE ID: CWE-639
Type: Secondary
Source: iletisim@usom.gov.tr
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0051iletisim@usom.gov.tr
N/A
https://www.usom.gov.tr/bildirim/tr-26-0051iletisim@usom.gov.tr
N/A
Hyperlink: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0051
Source: iletisim@usom.gov.tr
Resource: N/A
Hyperlink: https://www.usom.gov.tr/bildirim/tr-26-0051
Source: iletisim@usom.gov.tr
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

117Records found
CVE-2024-38701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.93%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 10:14
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.

Action-Not Available
Vendor-kodezenAcademy LMSkodezen
Product-academy_lmsAcademy LMSacademy_lms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-55506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.44%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 00:00
Updated-03 Apr, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter.

Action-Not Available
Vendor-n/aCodeAstro
Product-complaint_management_systemn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-32808
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.70%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:18
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-32166
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.08%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 00:00
Updated-03 Jun, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).

Action-Not Available
Vendor-webidsupportn/awebidsupport
Product-webidn/awebid
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-16403
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 53.26%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 11:49
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

Action-Not Available
Vendor-n/aWebkul Software Pvt. Ltd.
Product-bagiston/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-6357
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:08
Updated-19 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.

Action-Not Available
Vendor-Open Text Corporation
Product-arcsight_intelligenceArcSight Intelligence
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-23722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.79%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 13:36
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-47316
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:27
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue affects Salon booking system: from n/a through <= 10.9.

Action-Not Available
Vendor-salonbookingsystemDimitri Grassi
Product-salon_booking_systemSalon booking system
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-34520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-32772
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.44%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:19
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.

Action-Not Available
Vendor-Metagauss Inc.WordPress.org
Product-profilegridProfileGridprofile_grid
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-1462
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.36% / 59.00%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 08:16
Updated-01 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Digikent

Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20.

Action-Not Available
Vendor-vadiVadi Corporate Information Systems
Product-digikentDigiKent
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-2808
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.73%
||
7 Day CHG+0.01%
Published-12 Dec, 2022 | 01:49
Updated-20 May, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Prens Student Information System

Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Information System: before 2.1.11.

Action-Not Available
Vendor-alganAlgan Software
Product-prens_student_information_systemPrens Student Information System
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-43492
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 63.70%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 22:08
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpdiscuzComments – wpDiscuz (WordPress plugin)
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-4934
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.44%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 07:35
Updated-21 May, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Usta AYBS

Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3.

Action-Not Available
Vendor-ustaUsta
Product-aybsAYBS
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-42175
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.16%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 00:00
Updated-26 Nov, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.

Action-Not Available
Vendor-soluslabsn/a
Product-solusvmn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-45380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.78%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 00:00
Updated-05 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address.

Action-Not Available
Vendor-silbersaitenn/asilbersaiten
Product-order_duplicatorn/aorder_duplicator
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-2702
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.36% / 59.00%
||
7 Day CHG+0.18%
Published-23 May, 2023 | 19:14
Updated-22 May, 2026 | 11:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Finex Media's Competition Management System

Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Management System: before 23.07.

Action-Not Available
Vendor-finexmediaFinex Media
Product-competition_management_systemCompetition Management System
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found