CWE-862 Missing Authorization: summary of the 5925 CVEs in this weakness class, with AI-generated Chinese analysis.
CWE-862 is a missing-authorization weakness: the product does not check whether the user is permitted to access a resource or perform an action before doing so. An attacker typically tampers with request parameters directly or crafts a URL to bypass client-side restrictions and read data or perform sensitive operations they are not entitled to. Authentication alone is not enough: a logged-in user must still be checked against the specific object and operation they request. Developers should never rely on client-side validation; the server must authenticate every request and enforce an authorization check for every object and operation, so that a user can only reach the resources they are authorized for and horizontal and vertical privilege escalation are ruled out at the source.
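The remedy described above, as an added example that is not part of the original page or of any product listed below: the same private-message handler written once with only an authentication gate (the CWE-862 pattern) and once with a server-side ownership check. The in-memory store, the `Request` type and the helper names are hypothetical.

```python
"""CWE-862 (missing authorization): vulnerable handler beside its hardened form.

Added example; the message store, Request type and helpers are hypothetical."""
from dataclasses import dataclass

# Constructed sample data: each private message records which account owns it.
MESSAGES = {
    101: {"owner": "alice", "from": "bob",  "subject": "lunch",   "body": "noon?"},
    102: {"owner": "carol", "from": "dave", "subject": "payroll", "body": "confidential figures"},
}


class AuthorizationError(Exception):
    """Raised when the caller is not permitted to see the requested object."""


@dataclass(frozen=True)
class Request:
    user: str    # principal established by authentication (assumed already done)
    msg_id: int  # attacker-controlled, e.g. the ?id= query parameter


def render(msg):
    """Plain-text rendering of one message record."""
    return f"From: {msg['from']}\nSubject: {msg['subject']}\nBody: {msg['body']}"


def display_vulnerable(req):
    """CWE-862: the only gate is 'is someone logged in?'. The id is used as-is,
    so any authenticated user can read any message by changing it."""
    msg = MESSAGES.get(req.msg_id)
    if msg is None:
        raise AuthorizationError("not found")
    return render(msg)


def lookup_message_for(owner, msg_id):
    """Scope the lookup to the caller: the ownership test is part of the query,
    not an afterthought in the view. Returns None for unknown *and* foreign ids."""
    msg = MESSAGES.get(msg_id)
    if msg is None or msg["owner"] != owner:
        return None
    return msg


def display_fixed(req):
    """Hardened: deny by default, and give the same response for 'does not exist'
    and 'not yours' so valid ids cannot be enumerated through error messages."""
    msg = lookup_message_for(req.user, req.msg_id)
    if msg is None:
        raise AuthorizationError("not found")
    return render(msg)


def can_read(handler, req):
    """True if `handler` returns the message for `req`, False if it denies it."""
    try:
        handler(req)
        return True
    except AuthorizationError:
        return False


if __name__ == "__main__":
    # alice tampers with the id to reach carol's message (horizontal escalation).
    forged = Request(user="alice", msg_id=102)
    print("vulnerable handler leaks carol's message:", can_read(display_vulnerable, forged))
    print("fixed handler denies it:", not can_read(display_fixed, forged))
```

The important design choice is in `lookup_message_for`: the owner is a parameter of the data access itself, so a future view that forgets to check ownership still cannot fetch another user's record.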
Two demonstrative examples, as given in the CWE-862 entry. Both authenticate the caller or sanitise the query, but neither checks whether the caller is authorized for the specific record requested.

```php
<?php
// Example 1: the query is parameterised, so SQL injection (CWE-89) is handled,
// but nothing checks whether the caller may read the named employee's record.
function runEmployeeQuery($dbName, $name) {
    global $globalDbHandle; // PDO connection opened at application startup
    if ($globalDbHandle->exec('USE `' . $dbName . '`') === false) {
        die("Could not open Database " . $dbName);
    }
    // Use a prepared statement to avoid CWE-89
    $preparedStatement = $globalDbHandle->prepare('SELECT * FROM employees WHERE name = :name');
    $preparedStatement->execute(array(':name' => $name));
    return $preparedStatement->fetchAll();
}
/* ... */
// Any visitor can look up any employee simply by supplying the name (CWE-862).
$employeeRecord = runEmployeeQuery('EmployeeDB', $_GET['EmployeeName']);
```

```perl
use strict;
use warnings;
use CGI;

# Example 2: the user is authenticated, but the message is fetched by id alone,
# so a logged-in user can read anyone's private message by changing ?id= (CWE-862).
sub DisplayPrivateMessage {
    my ($id) = @_;
    my $Message = LookupMessageObject($id);   # no check that $Message belongs to the caller
    print "From: " . encodeHTML($Message->{from}) . "<br>\n";
    print "Subject: " . encodeHTML($Message->{subject}) . "\n";
    print "<hr>\n";
    print "Body: " . encodeHTML($Message->{body}) . "\n";
}

my $q = CGI->new;
# For purposes of this example, assume that CWE-309 and
# CWE-523 do not apply.
if (! AuthenticateUser($q->param('username'), $q->param('password'))) {
    ExitError("invalid username or password");
}
my $id = $q->param('id');
DisplayPrivateMessage($id);
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-39592 | SAP PDCE security vulnerability — SAP PDCE | 7.7 | High | 2024-07-09 |
| CVE-2024-5855 | WordPress plugin Media Hygiene security vulnerability — Media Hygiene: Remove or Delete Unused Images and More! | 4.3 | Medium | 2024-07-09 |
| CVE-2024-37542 | WordPress plugin Responsive Image Gallery security vulnerability — Responsive Image Gallery, Gallery Album | 5.4 | Medium | 2024-07-06 |
| CVE-2024-37903 | Mastodon security vulnerability — mastodon | 8.2 | High | 2024-07-05 |
| CVE-2024-5641 | WordPress plugin One Click Order Re-Order security vulnerability — One Click Order Re-Order | 6.4 | Medium | 2024-07-04 |
| CVE-2024-36113 | Discourse security vulnerability — discourse | 4.9 | Medium | 2024-07-03 |
| CVE-2024-6088 | WordPress plugin LearnPress security vulnerability — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 5.3 | Medium | 2024-07-02 |
| CVE-2024-6012 | WordPress plugin Cost Calculator Builder security vulnerability — Cost Calculator Builder | 4.3 | Medium | 2024-07-02 |
| CVE-2024-5545 | WordPress plugin Motors security vulnerability — Motors – Car Dealership & Classified Listings Plugin | 5.3 | Medium | 2024-07-02 |
| CVE-2024-36995 | Multiple Splunk products security vulnerability — Splunk Enterprise | 4.3 | Medium | 2024-07-01 |
| CVE-2024-5864 | WordPress plugin Easy Affiliate Links security vulnerability — Easy Affiliate Links | 4.3 | Medium | 2024-06-28 |
| CVE-2024-5863 | WordPress plugin Easy Image Collage security vulnerability — Easy Image Collage | 5.4 | Medium | 2024-06-28 |
| CVE-2024-6071 | Creo Elements/Direct security vulnerability — Creo Elements/Direct License | 10.0 | Critical | 2024-06-27 |
| CVE-2024-2882 | SDG Technologies PnPSCADA security vulnerability — PnPSCADA | 9.8 (AI) | Critical (AI) | 2024-06-27 |
| CVE-2024-5710 | LiteLLM access control error vulnerability — berriai/litellm | 9.1 (AI) | Critical (AI) | 2024-06-27 |
| CVE-2024-5820 | devika security vulnerability — stitionai/devika | 9.8 (AI) | Critical (AI) | 2024-06-27 |
| CVE-2024-3115 | GitLab information disclosure vulnerability — GitLab | 4.3 | Medium | 2024-06-26 |
| CVE-2024-6303 | Conduit security vulnerability — Conduit | 9.9 | Critical | 2024-06-25 |
| CVE-2024-3249 | WordPress plugin Zita Elementor Site Library security vulnerability — Zita Site Library for Elementor | 4.3 | Medium | 2024-06-25 |
| CVE-2024-37111 | WordPress plugin WishList Member X security vulnerability — WishList Member X | 7.5 | High | 2024-06-24 |
| CVE-2024-6120 | WordPress plugin Sparkle Demo Importer security vulnerability — Sparkle Demo Importer | 6.5 | Medium | 2024-06-21 |
| CVE-2023-51375 | WordPress plugin EmbedPress security vulnerability — EmbedPress | 4.3 | Medium | 2024-06-21 |
| CVE-2022-45803 | WordPress plugin Gutenberg Forms security vulnerability — WordPress Form Builder Plugin – Gutenberg Forms | 6.5 | Medium | 2024-06-21 |
| CVE-2022-43453 | WordPress plugin WP Tools security vulnerability — WP Tools | 8.8 | High | 2024-06-21 |
| CVE-2024-3961 | WordPress plugin ConvertKit security vulnerability — Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages | 5.3 | Medium | 2024-06-21 |
| CVE-2023-3352 | WordPress plugin Smush security vulnerability — Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | 4.3 | Medium | 2024-06-21 |
| CVE-2024-1639 | WordPress plugin License Manager for WooCommerce security vulnerability — License Manager for WooCommerce | 6.5 | Medium | 2024-06-21 |
| CVE-2024-1955 | WordPress plugin Hide Dashboard Notifications security vulnerability — Hide Dashboard Notifications | 4.3 | Medium | 2024-06-21 |
| CVE-2024-3610 | WordPress plugin WP Child Theme Generator security vulnerability — WP Child Theme Generator | 5.3 | Medium | 2024-06-21 |
| CVE-2023-3204 | WordPress theme Materialis security vulnerability — Materialis | 6.5 | Medium | 2024-06-20 |
Scores marked (AI) in the table are produced by the site's AI analysis rather than taken from the advisory. CWE-862 (Missing Authorization) is a common weakness category; this platform indexes 5925 CVEs associated with it.