
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1033

1033 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2913 | Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass — Login No Captcha reCAPTCHA | 4.3 | - | 2022-09-16 |
| CVE-2022-2877 | Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing — Titan Anti-spam & Security | 5.3 | - | 2022-09-16 |
| CVE-2022-2080 | Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR — Sensei LMS – Online Courses, Quizzes, & Learning | 5.4 | - | 2022-08-29 |
| CVE-2021-4142 | Red Hat Satellite authorization issue vulnerability — candlepin | 5.7 | - | 2022-08-24 |
| CVE-2022-2312 | Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF — Student Result or Employee Database | 5.4 | - | 2022-08-22 |
| CVE-2022-2198 | WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR — WPQA Builder | 4.3 | - | 2022-08-22 |
| CVE-2022-2824 | Authorization Bypass Through User-Controlled Key in openemr/openemr — openemr/openemr | 8.8 | High | 2022-08-15 |
| CVE-2022-2535 | SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure — SearchWP Live Ajax Search | 5.3 | - | 2022-08-15 |
| CVE-2022-2730 | Authorization Bypass Through User-Controlled Key in openemr/openemr — openemr/openemr | 8.2 | - | 2022-08-09 |
| CVE-2022-2367 | WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass — WSM Downloader | 7.5 | - | 2022-08-08 |
| CVE-2022-1600 | YOP Poll < 6.4.3 - IP Spoofing — YOP Poll | 5.3 | - | 2022-08-01 |
| CVE-2022-33944 | ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key — MV720 | 6.5 | Medium | 2022-07-20 |
| CVE-2022-34150 | ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key — MV720 | 7.1 | High | 2022-07-20 |
| CVE-2021-24655 | WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise — WP User Manager – User Profile Builder & Membership | 7.5 | - | 2022-07-17 |
| CVE-2022-0624 | Authorization Bypass Through User-Controlled Key in ionicabizau/parse-path — ionicabizau/parse-path | 7.3 | - | 2022-06-28 |
| CVE-2022-1614 | WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing — WP-EMail | 7.5 | - | 2022-06-20 |
| CVE-2022-31027 | Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator — oauthenticator | 4.2 | Medium | 2022-06-06 |
| CVE-2022-1996 | Authorization Bypass Through User-Controlled Key in emicklei/go-restful — emicklei/go-restful | 9.1 | - | 2022-06-06 |
| CVE-2022-1810 | Authorization Bypass Through User-Controlled Key in publify/publify — publify/publify | 7.1 | - | 2022-05-23 |
| CVE-2022-29159 | Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck — security-advisories | 5.0 | Medium | 2022-05-20 |
| CVE-2022-1425 | WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR — WPQA Builder Plugin | 6.5 | - | 2022-05-16 |
| CVE-2022-23061 | Shopizer - IDOR delete superadmin — Shopizer | 6.5 | Medium | 2022-05-01 |
| CVE-2021-24800 | DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR — DW Question Answer Pro | 4.3 | - | 2022-04-25 |
| CVE-2022-1165 | Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing — Blackhole for Bad Bots | 9.1 | - | 2022-04-04 |
| CVE-2022-0442 | UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override — UsersWP – User Registration & User Profile | 4.3 | - | 2022-03-07 |
| CVE-2021-41111 | Authorization Bypass Through User-Controlled Key in Rundeck — rundeck | 6.4 | Medium | 2022-02-28 |
| CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parse | 9.1 | - | 2022-02-21 |
| CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parse | 9.1 | - | 2022-02-20 |
| CVE-2022-0639 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parse | 9.1 | - | 2022-02-17 |
| CVE-2022-0613 | Authorization Bypass Through User-Controlled Key in medialize/uri.js — medialize/uri.js | 7.4 | - | 2022-02-16 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1033 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.