CWE-862 Missing Authorization: summary of the 5967 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-862 is a missing-authorization weakness: the product does not check whether the user is permitted to do so when they access a resource or perform an operation. Attackers typically bypass front-end restrictions by directly modifying request parameters or crafting malicious URLs, gaining access to unauthorized data or performing sensitive operations. Developers should not rely on front-end validation alone; every request must be subject to strict authentication and authorization checks on the server side, so that users can only reach the resources they are authorized for, which removes the privilege-escalation risk at its root.
CWE demonstrative example (PHP): the query is parameterized, so it avoids SQL injection (CWE-89), but nothing checks whether the caller is allowed to read the requested employee's record.

```php
function runEmployeeQuery($dbName, $name) {
    global $globalDbHandle;
    mysql_select_db($dbName, $globalDbHandle) or die("Could not open Database" . $dbName);
    // Use a prepared statement to avoid CWE-89
    $preparedStatement = $globalDbHandle->prepare('SELECT * FROM employees WHERE name = :name');
    $preparedStatement->execute(array(':name' => $name));
    return $preparedStatement->fetchAll();
}
// ...
// Missing authorization (CWE-862): any caller can look up any employee by name
$employeeRecord = runEmployeeQuery('EmployeeDB', $_GET['EmployeeName']);
```

CWE demonstrative example (Perl): the user is authenticated, but the message id taken from the request is never checked against the messages that user is allowed to read.

```perl
use strict;
use warnings;
use CGI;

sub DisplayPrivateMessage {
    my ($id) = @_;
    my $Message = LookupMessageObject($id);
    print "From: " . encodeHTML($Message->{from}) . "<br>\n";
    print "Subject: " . encodeHTML($Message->{subject}) . "\n";
    print "<hr>\n";
    print "Body: " . encodeHTML($Message->{body}) . "\n";
}

my $q = CGI->new;
# For purposes of this example, assume that CWE-309 and
# CWE-523 do not apply.
if (!AuthenticateUser($q->param('username'), $q->param('password'))) {
    ExitError("invalid username or password");
}
# Authenticated, but no check that message $id belongs to this user (CWE-862)
my $id = $q->param('id');
DisplayPrivateMessage($id);
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2025-1214 | PiHome security vulnerability — PiHome | 6.3 | Medium | 2025-02-12 |
| CVE-2025-26378 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 8.8 | High | 2025-02-12 |
| CVE-2025-26377 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 8.1 | High | 2025-02-12 |
| CVE-2025-26376 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 6.5 | Medium | 2025-02-12 |
| CVE-2025-26375 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 8.8 | High | 2025-02-12 |
| CVE-2025-26374 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 6.5 | Medium | 2025-02-12 |
| CVE-2025-26373 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 6.5 | Medium | 2025-02-12 |
| CVE-2025-26372 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 7.1 | High | 2025-02-12 |
| CVE-2025-26371 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 8.8 | High | 2025-02-12 |
| CVE-2025-26370 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 7.1 | High | 2025-02-12 |
| CVE-2025-26369 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 8.8 | High | 2025-02-12 |
| CVE-2025-26368 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 8.1 | High | 2025-02-12 |
| CVE-2025-26367 | Q-Free MAXTIME Suite security vulnerability — MaxTime | 4.3 | Medium | 2025-02-12 |
| CVE-2024-12296 | WordPress plugin Apus Framework security vulnerability — Apus Framework | 8.8 | High | 2025-02-12 |
| CVE-2024-13374 | WordPress plugin WP Table Manager security vulnerability — WP Table Manager | 4.3 | Medium | 2025-02-12 |
| CVE-2024-13656 | WordPress plugin Click Mag security vulnerability — Click Mag - Viral WordPress News Magazine/Blog Theme | 8.1 | High | 2025-02-12 |
| CVE-2024-13654 | WordPress plugin ZoxPress security vulnerability — ZoxPress - The All-In-One WordPress News Theme | 8.1 | High | 2025-02-12 |
| CVE-2024-13653 | WordPress plugin ZoxPress security vulnerability — ZoxPress - The All-In-One WordPress News Theme | 8.8 | High | 2025-02-12 |
| CVE-2024-12164 | WordPress plugin WPSyncSheets Lite For WPForms security vulnerability — WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export | 4.3 | Medium | 2025-02-12 |
| CVE-2024-13800 | WordPress plugin ConvertPlus security vulnerability — ConvertPlus | 8.1 | High | 2025-02-12 |
| CVE-2024-13769 | WordPress plugin Puzzles security vulnerability — Puzzles \| WP Magazine / Review with Store WordPress Theme + RTL | 6.4 | Medium | 2025-02-12 |
| CVE-2024-13541 | WordPress plugin aDirectory security vulnerability — aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory | 4.3 | Medium | 2025-02-12 |
| CVE-2024-13554 | WordPress plugin Ultimate WordPress Toolkit security vulnerability — The Ultimate WordPress Toolkit – WP Extended | 5.3 | Medium | 2025-02-12 |
| CVE-2024-13643 | WordPress plugin Zox News security vulnerability — Zox News - Professional WordPress News & Magazine Theme | 8.8 | High | 2025-02-11 |
| CVE-2025-25241 | SAP Fiori security vulnerability — SAP Fiori Apps Reference Library (My Overtime Requests) | 5.4 | Medium | 2025-02-11 |
| CVE-2025-23190 | SAP NetWeaver Server ABAP security vulnerability — SAP NetWeaver and ABAP platform (ST-PI) | 4.3 | Medium | 2025-02-11 |
| CVE-2025-23189 | SAP NetWeaver and ABAP Platform security vulnerability — SAP NetWeaver and ABAP Platform (SDCCN) | 4.3 | Medium | 2025-02-11 |
| CVE-2025-23187 | SAP NetWeaver and SAP ABAP Platform security vulnerability — SAP NetWeaver and ABAP Platform (SDCCN) | 5.3 | Medium | 2025-02-11 |
| CVE-2025-25167 | WordPress plugin BookPress – For Book Authors security vulnerability — BookPress – For Book Authors | 8.2 | High | 2025-02-07 |
| CVE-2025-25120 | WordPress plugin Slide Banners security vulnerability — Slide Banners | 4.3 | Medium | 2025-02-07 |
CWE-862 (Missing Authorization) is a common weakness class; this platform has indexed 5967 CVE vulnerabilities associated with it.