CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3214 vulnerabilities reference this CWE, most recent first.
CVE-2024-10654 (GCVE-0-2024-10654)
Vulnerability from cvelistv5 – Published: 2024-11-01 11:31 – Updated: 2024-11-05 07:04| URL | Tags |
|---|---|
| https://vuldb.com/?id.282667 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.282667 | signaturepermissions-required |
| https://vuldb.com/?submit.434801 | third-party-advisory |
| https://github.com/c0nyy/IoT_vuln/blob/main/TOTOL… | exploit |
| https://www.totolink.net/home/menu/detail/menu_li… | patch |
| https://www.totolink.net/ | product |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lr350",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "9.3.5u.6369"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10654",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T13:24:06.276632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T13:24:57.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LR350",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "9.3.5u.6369"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "c0nyy (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "c0nyy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In TOTOLINK LR350 bis 9.3.5u.6369 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /formLoginAuth.htm. Dank der Manipulation des Arguments authCode mit der Eingabe 1 mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 9.3.5u.6698_B20230810 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T07:04:37.847Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-282667 | TOTOLINK LR350 formLoginAuth.htm authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.282667"
},
{
"name": "VDB-282667 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.282667"
},
{
"name": "Submit #434801 | TOTOLINK LR350 V9.3.5u.6369 Authorization Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.434801"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20LR350%20Vuln.md"
},
{
"tags": [
"patch"
],
"url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/231/ids/36.html"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-07T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-11-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-05T08:09:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK LR350 formLoginAuth.htm authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10654",
"datePublished": "2024-11-01T11:31:05.723Z",
"dateReserved": "2024-11-01T05:59:04.960Z",
"dateUpdated": "2024-11-05T07:04:37.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10497 (GCVE-0-2024-10497)
Vulnerability from cvelistv5 – Published: 2025-01-17 10:27 – Updated: 2025-02-12 16:50- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | PowerLogic HDPM6000 |
Affected:
Version v0.62.7 only
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T13:14:24.860170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:50:20.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerLogic HDPM6000",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version v0.62.7 only"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an\nauthorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the\nattacker sends modified HTTPS requests to the device.\n\n\u003cbr\u003e"
}
],
"value": "CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an\nauthorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the\nattacker sends modified HTTPS requests to the device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T10:27:52.954Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-08\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-08.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-10497",
"datePublished": "2025-01-17T10:27:52.954Z",
"dateReserved": "2024-10-29T16:55:00.328Z",
"dateUpdated": "2025-02-12T16:50:20.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10452 (GCVE-0-2024-10452)
Vulnerability from cvelistv5 – Published: 2024-10-29 15:16 – Updated: 2024-10-29 15:35- CWE-639 - Authorization Bypass Through User-Controlled Key
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T15:35:24.824806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T15:35:35.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Grafana",
"vendor": "Grafana",
"versions": [
{
"status": "affected",
"version": "10.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Organization admins can delete pending invites created in an organization they are not part of."
}
],
"value": "Organization admins can delete pending invites created in an organization they are not part of."
}
],
"impacts": [
{
"capecId": "CAPEC-109",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-109 Object Relational Mapping Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T15:16:22.405Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-10452"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2024-10452",
"datePublished": "2024-10-29T15:16:22.405Z",
"dateReserved": "2024-10-28T09:08:31.193Z",
"dateUpdated": "2024-10-29T15:35:35.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10439 (GCVE-0-2024-10439)
Vulnerability from cvelistv5 – Published: 2024-10-28 02:49 – Updated: 2024-10-28 12:50- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8166-085c4-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8167-a2c0d-2.html | third-party-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sunnet:ehrd_ctms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ehrd_ctms",
"vendor": "sunnet",
"versions": [
{
"lessThan": "10.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T12:48:42.472222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T12:50:33.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eHRD CTMS",
"vendor": "Sunnet",
"versions": [
{
"lessThan": "10.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-28T02:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user."
}
],
"value": "The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user."
}
],
"impacts": [
{
"capecId": "CAPEC-149",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-149 Explore for Predictable Temporary File Names"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T02:49:34.913Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8166-085c4-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8167-a2c0d-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please contact Sunnet for version updates or upgrades."
}
],
"value": "Please contact Sunnet for version updates or upgrades."
}
],
"source": {
"advisory": "TVN-202410022",
"discovery": "EXTERNAL"
},
"title": "Sunnet eHRD CTMS - Insecure Direct Object Reference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-10439",
"datePublished": "2024-10-28T02:49:34.913Z",
"dateReserved": "2024-10-28T02:02:18.222Z",
"dateUpdated": "2024-10-28T12:50:33.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10366 (GCVE-0-2024-10366)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-07-15 10:48- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < 0.7.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10366",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:50:34.810651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:36:46.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "0.7.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T10:48:56.156Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/cde47cf8-dc81-46ab-b472-f7e44a981a7e"
},
{
"url": "https://github.com/danny-avila/librechat/commit/a350443661d001ac55787741969a75d94ca14116"
}
],
"source": {
"advisory": "cde47cf8-dc81-46ab-b472-f7e44a981a7e",
"discovery": "EXTERNAL"
},
"title": "IDOR in delete attachments in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-10366",
"datePublished": "2025-03-20T10:09:37.556Z",
"dateReserved": "2024-10-24T19:34:01.680Z",
"dateUpdated": "2025-07-15T10:48:56.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10215 (GCVE-0-2024-10215)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:21 – Updated: 2026-04-08 16:44- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| Iqonic Design | WPBookit |
Affected:
0 , ≤ 1.6.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T20:07:06.769401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T20:07:20.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPBookit",
"vendor": "Iqonic Design",
"versions": [
{
"lessThanOrEqual": "1.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:44:05.685Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve"
},
{
"url": "https://documentation.iqonic.design/wpbookit/versions/change-log"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-21T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-10-21T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-01-09T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WPBookit \u003c= 1.6.4 - Unauthenticated Arbitrary User Password Change"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10215",
"datePublished": "2025-01-09T19:21:56.597Z",
"dateReserved": "2024-10-21T15:57:05.564Z",
"dateUpdated": "2026-04-08T16:44:05.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10174 (GCVE-0-2024-10174)
Vulnerability from cvelistv5 – Published: 2024-11-13 03:20 – Updated: 2026-04-08 17:28- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker |
Affected:
0 , ≤ 2.6.13
(semver)
|
|
| wedevs | wp_project_manager |
Affected:
0 , ≤ 2.6.13
(semver)
cpe:2.3:a:wedevs:wp_project_manager:-:*:*:*:*:wordpress:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wedevs:wp_project_manager:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "wp_project_manager",
"vendor": "wedevs",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:40:44.468234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T15:41:35.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Project Manager \u2013 AI Powered Project Management, Task Management, Kanban Board \u0026 Time Tracker",
"vendor": "wedevs",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the \u0027Abstract_Permission\u0027 class due to missing validation on the \u0027user_id\u0027 user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:23.332Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dea2d045-d3b4-4b55-8b4f-5baa82a18834?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php#L32"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3185807/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts \u003c= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10174",
"datePublished": "2024-11-13T03:20:08.239Z",
"dateReserved": "2024-10-18T20:10:52.227Z",
"dateUpdated": "2026-04-08T17:28:23.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10121 (GCVE-0-2024-10121)
Vulnerability from cvelistv5 – Published: 2024-10-18 18:31 – Updated: 2024-10-18 18:48- CWE-639 - Authorization Bypass
| URL | Tags |
|---|---|
| https://vuldb.com/?id.280913 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.280913 | signaturepermissions-required |
| https://vuldb.com/?submit.420960 | third-party-advisory |
| https://github.com/weliveby/ForCVE/blob/main/rada… | exploit |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:radar:radar:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "radar",
"vendor": "radar",
"versions": [
{
"lessThanOrEqual": "1.0.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T18:45:21.336790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T18:48:19.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Interface Handler"
],
"product": "Radar",
"vendor": "wfh45678",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.7"
},
{
"status": "affected",
"version": "1.0.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "buxiaoding (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in wfh45678 Radar bis 1.0.8 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente Interface Handler. Mittels Manipulieren mit der Eingabe /../ mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T18:31:04.852Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-280913 | wfh45678 Radar Interface authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.280913"
},
{
"name": "VDB-280913 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.280913"
},
{
"name": "Submit #420960 | radar \u003c=1.0.8 Authorization Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.420960"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/weliveby/ForCVE/blob/main/radar%20Authentication%20bypass%20vulnerability.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-18T14:12:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "wfh45678 Radar Interface authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10121",
"datePublished": "2024-10-18T18:31:04.852Z",
"dateReserved": "2024-10-18T12:07:19.660Z",
"dateUpdated": "2024-10-18T18:48:19.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9862 (GCVE-0-2024-9862)
Vulnerability from cvelistv5 – Published: 2024-10-17 02:06 – Updated: 2026-04-08 17:11- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| cyberlord92 | Miniorange OTP Verification with Firebase |
Affected:
0 , ≤ 3.6.0
(semver)
|
|
| miniorange | otp_verification |
Affected:
0 , ≤ 3.6.0
(semver)
cpe:2.3:a:miniorange:otp_verification:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:miniorange:otp_verification:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "otp_verification",
"vendor": "miniorange",
"versions": [
{
"lessThanOrEqual": "3.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T16:15:43.649001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T16:16:36.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Miniorange OTP Verification with Firebase",
"vendor": "cyberlord92",
"versions": [
{
"lessThanOrEqual": "3.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and the user current password check is missing. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:11:25.406Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c3df12d-e526-4a23-89d3-bfdcea9f7b2d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/miniorange-firebase-sms-otp-verification/tags/3.6.0/handler/forms/class-loginform.php#L236"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3169869/miniorange-firebase-sms-otp-verification#file3"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-11T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-10-11T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-10-16T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Miniorange OTP Verification with Firebase \u003c= 3.6.0 - Unauthenticated Arbitrary User Password Change"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9862",
"datePublished": "2024-10-17T02:06:03.451Z",
"dateReserved": "2024-10-11T12:45:59.762Z",
"dateUpdated": "2026-04-08T17:11:25.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9819 (GCVE-0-2024-9819)
Vulnerability from cvelistv5 – Published: 2024-12-17 12:55 – Updated: 2026-06-02 06:56- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-24-1889 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| NextGeography | NG Analyser |
Affected:
0 , < 2.2.711
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:24:59.210389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T17:34:03.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NG Analyser",
"vendor": "NextGeography",
"versions": [
{
"lessThan": "2.2.711",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tunahan TEKEOGLU"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.\u003cp\u003eThis issue affects NG Analyser: before 2.2.711.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.\n\nThis issue affects NG Analyser: before 2.2.711."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T06:56:08.601Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1889"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1889"
}
],
"source": {
"advisory": "TR-24-1889",
"defect": [
"TR-24-1889"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in NextGEO\u0027s NG Analyser",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-9819",
"datePublished": "2024-12-17T12:55:32.225Z",
"dateReserved": "2024-10-10T14:14:31.244Z",
"dateUpdated": "2026-06-02T06:56:08.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.