CWE-862 Missing Authorization: summary of 5925 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-862 is a missing-authorization weakness: the product does not check whether the user is permitted to act when they access a resource or perform an operation. Attackers typically bypass front-end restrictions by modifying request parameters directly or crafting malicious URLs, and so reach data they are not entitled to or trigger sensitive operations. Developers should not rely on front-end validation alone; the server must apply strict authentication and authorization checks to every request, so that a user can reach only the resources they are authorized for, which removes the unauthorized-access risk at its root.
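The per-request, server-side check the paragraph above calls for, shown as an added Python example that is not code from this page: a private-message handler in the CWE-862 pattern (authenticated, but trusting a client-supplied `id`) beside its hardened form, plus an employee-record lookup that requires either self-service or an assumed `hr` role. The users, roles, messages and employee records are constructed sample data, and `session_user` stands for an identity taken from a server-side session, never from a request parameter.

```python
"""Added example (not from the page): CWE-862 missing authorization versus a
server-side authorization check on every request.  All data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    id: int
    owner: str      # username of the recipient
    subject: str
    body: str


# Constructed sample store standing in for a message table.
MESSAGES = {
    1: Message(1, "alice", "payroll", "alice's private note"),
    2: Message(2, "bob", "contract", "bob's private note"),
}

# Constructed employee records and role assignments (role names are assumed).
EMPLOYEES = {
    "alice": {"dept": "finance", "salary": 70000},
    "bob": {"dept": "sales", "salary": 65000},
}
ROLES = {"alice": {"employee"}, "bob": {"employee"}, "hr_admin": {"employee", "hr"}}


class AuthorizationError(Exception):
    """Raised when the request is not authenticated or not authorized."""


def display_private_message_vulnerable(session_user, message_id):
    """CWE-862 pattern: the user is authenticated, but the handler returns
    whatever message the client asked for without checking who owns it."""
    if session_user is None:
        raise AuthorizationError("not authenticated")
    return MESSAGES[message_id]   # any logged-in user can read any id


def display_private_message_fixed(session_user, message_id):
    """Hardened form: authorization is decided server-side on this request by
    comparing the requested object's owner with the session identity."""
    if session_user is None:
        raise AuthorizationError("not authenticated")
    message = MESSAGES.get(message_id)
    # Deny by default.  A missing object and someone else's object get the
    # same response, so the id space cannot be probed for existence.
    if message is None or message.owner != session_user:
        raise AuthorizationError("forbidden")
    return message


def run_employee_query_fixed(session_user, employee_name):
    """Hardened employee lookup: a user may read their own record, and only a
    holder of the (assumed) 'hr' role may read anyone else's."""
    if session_user is None:
        raise AuthorizationError("not authenticated")
    roles = ROLES.get(session_user, set())
    if employee_name != session_user and "hr" not in roles:
        raise AuthorizationError("forbidden")
    record = EMPLOYEES.get(employee_name)
    if record is None:
        raise AuthorizationError("forbidden")
    return record


def allowed(handler, *args):
    """True if the handler serves the request, False if it refuses it."""
    try:
        handler(*args)
        return True
    except (AuthorizationError, KeyError):
        return False


if __name__ == "__main__":
    # bob asks for alice's message (id 1): served by the vulnerable handler,
    # refused by the fixed one.
    print("vulnerable:", allowed(display_private_message_vulnerable, "bob", 1))
    print("fixed:     ", allowed(display_private_message_fixed, "bob", 1))
    print("hr reads alice:", run_employee_query_fixed("hr_admin", "alice"))
```

The check lives in the handler itself rather than in a front-end menu or a hidden form field, so every code path that reaches the object passes through it; returning the same "forbidden" result for missing and foreign objects keeps the response from doubling as an existence oracle.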
Demonstrative examples of the weakness, as given in the CWE-862 entry. In the first, any caller can retrieve any employee's record simply by naming it; in the second, a user who has authenticated can read any private message by supplying its id.

```php
function runEmployeeQuery($dbName, $name) {
    // The original example uses the connection handle without declaring it
    // global; without this line it is undefined inside the function.
    global $globalDbHandle;
    mysql_select_db($dbName, $globalDbHandle) or die("Could not open Database" . $dbName);
    // Use a prepared statement to avoid CWE-89
    $preparedStatement = $globalDbHandle->prepare('SELECT * FROM employees WHERE name = :name');
    $preparedStatement->execute(array(':name' => $name));
    return $preparedStatement->fetchAll();
}
/* ... */
// CWE-862: the record is returned for whatever name the client supplies;
// nothing checks whether the requesting user may see that employee's data.
$employeeRecord = runEmployeeQuery('EmployeeDB', $_GET['EmployeeName']);
```

```perl
use strict;
use warnings;
use CGI;

# LookupMessageObject, encodeHTML, AuthenticateUser and ExitError are the
# application helpers assumed by the original example.
sub DisplayPrivateMessage {
    my ($id) = @_;
    my $Message = LookupMessageObject($id);
    print "From: " . encodeHTML($Message->{from}) . "<br>\n";
    print "Subject: " . encodeHTML($Message->{subject}) . "\n";
    print "<hr>\n";
    print "Body: " . encodeHTML($Message->{body}) . "\n";
}

my $q = CGI->new;
# For purposes of this example, assume that CWE-309 and
# CWE-523 do not apply.
if (! AuthenticateUser($q->param('username'), $q->param('password'))) {
    ExitError("invalid username or password");
}

# CWE-862: the user is authenticated, but the message id comes straight from
# the request and no check confirms that this user is its recipient.
my $id = $q->param('id');
DisplayPrivateMessage($id);
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2024-6599 | WordPress plugin Meks Video Importer security vulnerability — Meks Video Importer | 4.3 | Medium | 2024-07-18 |
| CVE-2024-6175 | WordPress plugin Booking Ultra Pro Appointments Booking Calendar security vulnerability — Booking Ultra Pro Appointments Booking Calendar Plugin | 5.4 | Medium | 2024-07-18 |
| CVE-2024-5703 | WordPress plugin Icegram Express security vulnerability — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 4.3 | Medium | 2024-07-17 |
| CVE-2024-6033 | WordPress plugin Eventin security vulnerability — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | 4.3 | Medium | 2024-07-17 |
| CVE-2024-6621 | WordPress plugin RSS Aggregator security vulnerability — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | 4.3 | Medium | 2024-07-16 |
| CVE-2024-6579 | WordPress plugin Web and WooCommerce Addons for WPBakery Builder security vulnerability — Web and WooCommerce Addons for WPBakery Builder | 4.3 | Medium | 2024-07-16 |
| CVE-2024-1937 | WordPress plugin Brizy – Page Builder security vulnerability — Brizy – Page Builder | 7.1 | High | 2024-07-16 |
| CVE-2024-6465 | WordPress plugin WP Links Page security vulnerability — WP Links Page | 4.3 | Medium | 2024-07-13 |
| CVE-2024-37202 | WordPress plugin Custom Add To Cart Button security vulnerability — Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | 6.5 | Medium | 2024-07-12 |
| CVE-2024-37544 | WordPress plugin Get Better Reviews for WooCommerce security vulnerability — Get Better Reviews for WooCommerce | 4.3 | Medium | 2024-07-12 |
| CVE-2024-6392 | WordPress plugin Sirv security vulnerability — Image Optimizer, Resizer and CDN – Sirv | 5.4 | Medium | 2024-07-11 |
| CVE-2024-39546 | Juniper Networks Junos OS Evolved security vulnerability — Junos OS Evolved | 7.3 | High | 2024-07-11 |
| CVE-2024-0619 | WordPress plugin Payflex Payment Gateway security vulnerability — Payflex Payment Gateway | 5.3 | Medium | 2024-07-11 |
| CVE-2024-5677 | WordPress plugin Featured Image Generator security vulnerability — Featured Image Generator | 4.3 | Medium | 2024-07-10 |
| CVE-2024-21417 | Microsoft Windows security vulnerability — Windows 10 Version 1809 | 8.8 | High | 2024-07-09 |
| CVE-2024-5669 | WordPress plugin XPlainer security vulnerability — Happy WooCommerce FAQs – Ultimate Product FAQ Plugin | 6.4 | Medium | 2024-07-09 |
| CVE-2024-6069 | WordPress plugin Registration Forms security vulnerability — Pie Register – User Registration, Profiles & Content Restriction | 8.8 | High | 2024-07-09 |
| CVE-2024-4102 | WordPress plugin Pricing Table security vulnerability — Pricing Table | 5.4 | Medium | 2024-07-09 |
| CVE-2024-5992 | WordPress plugin Cliengo – Chatbot security vulnerability — Cliengo – Chatbot | 6.5 | Medium | 2024-07-09 |
| CVE-2024-5648 | WordPress plugin LearnDash LMS security vulnerability — LearnDash LMS – Reports | 5.4 | Medium | 2024-07-09 |
| CVE-2024-5856 | WordPress plugin Comment Images Reloaded security vulnerability — Comment Images Reloaded | 4.3 | Medium | 2024-07-09 |
| CVE-2024-5600 | WordPress plugin SCSS Happy Compiler security vulnerability — SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue | 5.4 | Medium | 2024-07-09 |
| CVE-2024-3608 | WordPress plugin Product Designer security vulnerability — PickPlugins Product Designer for WooCommerce | 5.3 | Medium | 2024-07-09 |
| CVE-2024-5704 | WordPress plugin XPlainer security vulnerability — Happy WooCommerce FAQs – Ultimate Product FAQ Plugin | 4.3 | Medium | 2024-07-09 |
| CVE-2024-6167 | WordPress plugin Just Custom Fields security vulnerability — Just Custom Fields | 4.3 | Medium | 2024-07-09 |
| CVE-2024-5993 | WordPress plugin Cliengo – Chatbot security vulnerability — Cliengo – Chatbot | 5.4 | Medium | 2024-07-09 |
| CVE-2024-6180 | WordPress plugin EventON security vulnerability — EventON – Events Calendar | 7.2 | High | 2024-07-09 |
| CVE-2024-39596 | SAP Enable Now security vulnerability — SAP Enable Now | 4.3 | Medium | 2024-07-09 |
| CVE-2024-37172 | SAP S/4HANA security vulnerability — SAP S/4HANA Finance (Advanced Payment Management) | 5.4 | Medium | 2024-07-09 |
| CVE-2024-37175 | SAP CRM security vulnerability — SAP CRM WebClient UI | 4.3 | Medium | 2024-07-09 |
CWE-862 (Missing Authorization) is a common weakness class; this platform has collected 5925 CVE vulnerabilities associated with it.