目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-639 通过用户控制密钥绕过授权机制 类漏洞列表 1237

CWE-639 通过用户控制密钥绕过授权机制 类弱点 1237 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-639 属于授权绕过漏洞,指系统依赖用户可控的键值检索数据时,未验证该键值是否属于当前请求用户。攻击者通过篡改标识符(如ID),直接访问其他用户的数据记录。开发者应避免使用直接暴露的键值,转而采用间接引用或会话上下文验证,确保每次数据访问前严格校验资源归属权,从而防止越权访问。

MITRE CWE 官方描述
CWE:CWE-639 通过用户可控密钥绕过授权(Authorization Bypass Through User-Controlled Key) 英文:系统的授权功能未能阻止用户通过修改标识数据的密钥值,从而获取其他用户的数据或记录。 系统中基于某个受用户控制的密钥值来检索用户记录。该密钥通常用于标识系统中存储的与用户相关的记录,并用于查找该记录以呈现给用户。攻击者很可能需要是系统中的已认证用户。然而,授权过程未能正确检查数据访问操作,以确保执行该操作的已认证用户拥有执行所请求数据访问的足够权限,从而绕过了系统中存在的任何其他授权检查。例如,攻击者可以查看检索特定用户数据的位置(例如搜索界面),并确定正在查找的项目的密钥是否可外部控制。该密钥可能是 HTML 表单中的隐藏字段,也可能作为 URL 参数或未加密的 Cookie 变量传递,在这些情况下,都有可能篡改密钥值。这种弱点的一种表现形式是,当系统使用顺序生成或易于猜测的会话 ID(Session IDs)时,允许一个用户轻松切换到另一个用户的会话并读取/修改其数据。
常见影响 (3)
Access ControlBypass Protection Mechanism
Access control checks for specific user data or functionality can be bypassed.
Access ControlGain Privileges or Assume Identity
Horizontal escalation of privilege is possible (one user can view/modify information of another user).
Access ControlGain Privileges or Assume Identity
Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access.
缓解措施 (3)
Architecture and DesignFor each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Architecture and Design, ImplementationMake sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Architecture and DesignUse encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
代码示例 (1)
The following code uses a parameterized statement, which escapes metacharacters and prevents SQL injection vulnerabilities, to construct and execute a SQL query that searches for an invoice matching the specified identifier [1]. The identifier is selected from a list of all invoices associated with the current authenticated user.
... conn = new SqlConnection(_ConnectionString); conn.Open(); int16 id = System.Convert.ToInt16(invoiceID.Text); SqlCommand query = new SqlCommand( "SELECT * FROM invoices WHERE id = @id", conn); query.Parameters.AddWithValue("@id", id); SqlDataReader objReader = objCommand.ExecuteReader(); ...
Bad · C#
CVE ID标题CVSS风险等级Published
CVE-2026-56215 Capgo SSO用户合并漏洞 — Capgo 8.3 High2026-06-20
CVE-2026-54105 U.S. GAO EPDS与CBCA EDS用户信息泄露漏洞 — Electronic Protest Docketing System (EPDS) 5.3 Medium2026-06-18
CVE-2026-12102 UsersWP ≤ 1.2.63 IDOR漏洞 — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP 2.7 Low2026-06-18
CVE-2026-10623 PressPrimer Quiz 2.3.0 任意修改漏洞 — PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin 4.3 Medium2026-06-18
CVE-2026-10023 Dokan 5.0.3 越权修改订单漏洞 — Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy 4.3 Medium2026-06-18
CVE-2026-48759 baptisteArno typebot.io 授权问题漏洞 — typebot.io 7.1 High2026-06-17
CVE-2026-55198 Nathan Esquenazi Hermes WebUI 授权问题漏洞 — hermes-webui 6.5 Medium2026-06-17
CVE-2026-55197 Nathan Esquenazi Hermes WebUI 授权问题漏洞 — hermes-webui 6.5 Medium2026-06-17
CVE-2025-15657 Mojoomla School Management 授权问题漏洞 — School Management 5.3 Medium2026-06-17
CVE-2026-54184 WordPress Clean Login插件<=1.15 越权漏洞 — Clean Login 8.2 High2026-06-17
CVE-2026-40768 WordPress Salon Booking System 10.30.24 IDOR漏洞 — Salon booking system 7.3 High2026-06-17
CVE-2026-53863 OpenClaw < 2026.4.25 工具组策略中未验证的组ID接受漏洞 — OpenClaw 7.1 High2026-06-16
CVE-2026-10780 Static Block <=2.2 短代码ID属性越权访问敏感信息 — Static Block 4.3 Medium2026-06-16
CVE-2026-48599 elixir-grpc gRPC Elixir 授权问题漏洞 — grpc--2026-06-15
CVE-2026-52699 e4jvikwp VikRentCar 授权问题漏洞 — VikRentCar 7.5 High2026-06-15
CVE-2026-48872 WPDeveloper EmbedPress 授权问题漏洞 — EmbedPress 7.5 High2026-06-15
CVE-2026-48868 mra13 / Team Tips and Tricks HQ Simple Shopping Cart 授权问题漏洞 — Simple Shopping Cart 7.5 High2026-06-15
CVE-2026-40792 Iqonic Design KiviCare 授权问题漏洞 — KiviCare 6.3 Medium2026-06-15
CVE-2026-39518 EventPrime 授权问题漏洞 — EventPrime 7.1 High2026-06-15
CVE-2025-59133 projectopia 授权问题漏洞 — Projectopia 7.5 High2026-06-15
CVE-2026-12204 shopxo 授权问题漏洞 — ShopXO 7.3 High2026-06-15
CVE-2026-1291 tigroumeow Meow Gallery 授权问题漏洞 — Meow Gallery 4.3 Medium2026-06-13
CVE-2026-54361 MISP 授权问题漏洞 — misp--2026-06-12
CVE-2026-54360 MISP 授权问题漏洞 — misp--2026-06-12
CVE-2026-53726 Parse Platform parse server 授权问题漏洞 — parse-server--2026-06-12
CVE-2026-42947 Naxclow Smart Doorbell X3 授权问题漏洞 — Smart Doorbell X3 8.8 High2026-06-12
CVE-2026-45832 Chroma ChromaDB 授权问题漏洞 — ChromaDB--2026-06-12
CVE-2026-8828 ChromaDB 授权问题漏洞 — ChromaDB--2026-06-12
CVE-2026-45830 Chroma ChromaDB 授权问题漏洞 — ChromaDB--2026-06-12
CVE-2026-44207 Frappe 授权问题漏洞 — frappe--2026-06-12

CWE-639(通过用户控制密钥绕过授权机制) 是常见的弱点类别,本平台收录该类弱点关联的 1237 条 CVE 漏洞。