Skip to main content

CWE-566

Authorization Bypass Through User-Controlled SQL Primary Key

6 CVEs Avg CVSS 5.6 MITRE
2
CRITICAL
0
HIGH
1
MEDIUM
3
LOW
1
POC
0
KEV

Monthly

CVE-2025-9953 CRITICAL Act Now

Authorization bypass via user-controlled SQL primary key in Databank Accreditation Software.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-56556 PHP LOW POC Monitor

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Subrion Cms
NVD GitHub
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-30369 LOW PATCH Monitor

Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zulip Server
NVD GitHub
CVSS 3.1
2.7
EPSS
0.2%
CVE-2025-30368 LOW PATCH Monitor

Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zulip
NVD GitHub
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-22261 Go MEDIUM PATCH This Month

SQL-Injection in Harbor allows priviledge users to leak the task IDs. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Harbor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-0808 PHP CRITICAL PATCH Act Now

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ec Cube
NVD
CVSS 3.1
9.1
EPSS
0.4%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authorization bypass via user-controlled SQL primary key in Databank Accreditation Software.

SQLi
NVD VulDB
EPSS 0% CVSS 3.8
LOW POC Monitor

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Subrion Cms
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zulip Server
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zulip
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

SQL-Injection in Harbor allows priviledge users to leak the task IDs. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Harbor
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ec Cube
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy