Summary of 5804 CVE vulnerabilities in the CWE-862 Missing Authorization weakness class, with AI-generated Chinese analysis.
CWE-862 is a missing-authorization weakness: the product does not check whether the user is permitted to access a resource or perform an action before doing so. Attackers typically modify request parameters directly or craft URLs that bypass front-end restrictions, reaching data or operations they were never granted. Developers should not rely on front-end checks alone; the server must enforce authentication and an authorization decision on every request, so that each user can reach only the resources they are authorized for and the privilege-escalation risk is removed at its source.
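Added example, not code from this page or from the CWE entry: the server-side per-request check the paragraph above calls for, applied to a private-message lookup like the one in the CWE-862 example code on this page. The table, rows and request are constructed inline (SQLite in memory through PDO, which assumes the pdo_sqlite extension) so the script runs as-is.

```php
<?php
declare(strict_types=1);

// Constructed sample data: two users' private messages in an in-memory DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, recipient TEXT NOT NULL, body TEXT NOT NULL)');
$db->exec("INSERT INTO messages (id, recipient, body) VALUES (1, 'alice', 'for alice'), (2, 'bob', 'for bob')");

// Vulnerable (CWE-862): the caller is authenticated, but any id in the request
// returns any user's message. Authentication is not authorization.
function fetchMessageNoAuthz(PDO $db, int $id): ?array
{
    $st = $db->prepare('SELECT id, recipient, body FROM messages WHERE id = :id');
    $st->execute([':id' => $id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Fixed: the ownership predicate is part of the query, so no code path can skip
// it, and a foreign id is indistinguishable from a missing one (no id oracle).
function fetchMessageForUser(PDO $db, string $user, int $id): ?array
{
    $st = $db->prepare('SELECT id, recipient, body FROM messages WHERE id = :id AND recipient = :user');
    $st->execute([':id' => $id, ':user' => $user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request handler: the acting user comes from the server-side session, never
// from the request; the id is untrusted input and is validated strictly.
function handleShowMessage(PDO $db, string $sessionUser, array $query): array
{
    $id = filter_var($query['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return ['status' => 400, 'body' => 'bad id'];
    }
    $msg = fetchMessageForUser($db, $sessionUser, $id);
    if ($msg === null) {
        return ['status' => 404, 'body' => 'not found'];
    }
    return ['status' => 200, 'body' => htmlspecialchars($msg['body'], ENT_QUOTES, 'UTF-8')];
}

// Constructed request: bob is logged in but asks for alice's message (id 1).
$leak   = fetchMessageNoAuthz($db, 1);                   // unchecked lookup hands bob alice's row
$denied = handleShowMessage($db, 'bob', ['id' => '1']);  // checked lookup refuses it
$own    = handleShowMessage($db, 'bob', ['id' => '2']);  // bob's own message is served
printf("unchecked recipient=%s | foreign id -> %d | own id -> %d (%s)\n",
    $leak['recipient'], $denied['status'], $own['status'], $own['body']);
```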
Example code for this weakness class (the two demonstrative examples from the CWE-862 entry, in PHP and Perl); in both, the caller is authenticated or simply trusted, but never authorized for the specific record being requested:

```php
function runEmployeeQuery($dbName, $name) {
    global $globalDbHandle;   // PDO connection opened elsewhere in the application
    if ($globalDbHandle->exec('USE `' . $dbName . '`') === false) {
        die("Could not open Database " . $dbName);
    }
    // Use a prepared statement to avoid CWE-89
    $preparedStatement = $globalDbHandle->prepare('SELECT * FROM employees WHERE name = :name');
    $preparedStatement->execute(array(':name' => $name));
    return $preparedStatement->fetchAll();
}
// ...
// Nothing checks that the requester may view this employee's record:
// any caller can query any name (CWE-862).
$employeeRecord = runEmployeeQuery('EmployeeDB', $_GET['EmployeeName']);
```

```perl
use strict;
use warnings;
use CGI;
# LookupMessageObject, encodeHTML, AuthenticateUser and ExitError are helper
# routines assumed to be defined elsewhere in the application.

sub DisplayPrivateMessage {
    my ($id) = @_;
    my $Message = LookupMessageObject($id);
    print "From: " . encodeHTML($Message->{from}) . "<br>\n";
    print "Subject: " . encodeHTML($Message->{subject}) . "\n";
    print "<hr>\n";
    print "Body: " . encodeHTML($Message->{body}) . "\n";
}

my $q = CGI->new;
# For purposes of this example, assume that CWE-309 and
# CWE-523 do not apply.
if (! AuthenticateUser($q->param('username'), $q->param('password'))) {
    ExitError("invalid username or password");
}
# The user is authenticated, but nothing verifies that message $id belongs to
# them, so any id supplied in the request is displayed (CWE-862).
my $id = $q->param('id');
DisplayPrivateMessage($id);
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2024-1324 | WordPress plugin QQWorld Auto Save Images security vulnerability — QQWorld Auto Save Images | 5.3 | Medium | 2024-06-01 |
| CVE-2024-36246 | Yokogawa Rental & Lease Unifier security vulnerability — Unifier | 7.8 (AI) | High (AI) | 2024-05-31 |
| CVE-2024-4205 | WordPress plugin Premium Addons for Elementor security vulnerability — Premium Addons for Elementor – Powerful Elementor Templates & Widgets | 4.3 | Medium | 2024-05-31 |
| CVE-2024-5326 | WordPress plugin PostX security vulnerability — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | 8.8 | High | 2024-05-30 |
| CVE-2024-4427 | WordPress plugin Comparison Slider security vulnerability — Comparison Slider | 4.3 | Medium | 2024-05-30 |
| CVE-2024-4355 | WordPress plugin stopbadbots security vulnerability — Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | 4.3 | Medium | 2024-05-30 |
| CVE-2024-4422 | WordPress plugin Comparison Slider security vulnerability — Comparison Slider | 6.4 | Medium | 2024-05-30 |
| CVE-2024-3277 | WordPress plugin Yumpu ePaper publishing security vulnerability — Yumpu E-Paper publishing | 5.0 | Medium | 2024-05-30 |
| CVE-2024-35237 | IdentiBot security vulnerability — mit-identibot | 7.5 | High | 2024-05-27 |
| CVE-2024-4858 | WordPress plugin Testimonial Carousel For Elementor security vulnerability — Testimonial Carousel For Elementor | 5.3 | Medium | 2024-05-25 |
| CVE-2024-5318 | GitLab Community Edition and GitLab Enterprise Edition security vulnerability — GitLab | 4.0 | Medium | 2024-05-24 |
| CVE-2024-0893 | WordPress plugin Schema App Structured Data security vulnerability — Schema App Structured Data | 4.3 | Medium | 2024-05-24 |
| CVE-2024-3711 | WordPress plugin Brizy Page Builder security vulnerability — Brizy – Page Builder | 4.3 | Medium | 2024-05-23 |
| CVE-2024-3626 | WordPress plugin Email Subscribers by Icegram Express security vulnerability — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 4.3 | Medium | 2024-05-23 |
| CVE-2023-6325 | WordPress plugin RomethemeForm For Elementor security vulnerability — RTMForm Builder | 5.3 | Medium | 2024-05-23 |
| CVE-2024-20355 | Cisco multiple products security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 5.0 | Medium | 2024-05-22 |
| CVE-2024-2036 | WordPress plugin ApplyOnline Application Form Builder and Manager security vulnerability — ApplyOnline – Application Form Builder and Manager | 4.3 | Medium | 2024-05-22 |
| CVE-2024-3663 | WordPress plugin WP Scraper security vulnerability — WP Scraper | 4.3 | Medium | 2024-05-22 |
| CVE-2024-3268 | WordPress plugin youtube-showcase security vulnerability — Video Gallery – YouTube Gallery & Responsive Video Playlist | 5.3 | Medium | 2024-05-21 |
| CVE-2024-4566 | WordPress plugin ShopLentor security vulnerability — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | 7.1 | High | 2024-05-21 |
| CVE-2024-4875 | WordPress plugin HT Mega–Absolute Addons For Elementor security vulnerability — HT Mega Addons for Elementor – Elementor Widgets & Template Builder | 4.3 | Medium | 2024-05-21 |
| CVE-2024-3761 | Lunary security vulnerability — lunary-ai/lunary | 8.2 (AI) | High (AI) | 2024-05-20 |
| CVE-2024-2782 | WordPress plugin Fluent Forms security vulnerability — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 7.5 | High | 2024-05-18 |
| CVE-2024-2771 | WordPress plugin Fluent Forms security vulnerability — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 9.8 | Critical | 2024-05-18 |
| CVE-2024-35174 | WordPress plugin Flo Forms security vulnerability — Flo Forms | 5.3 | Medium | 2024-05-17 |
| CVE-2024-32802 | WordPress plugin BP Better Messages security vulnerability — BP Better Messages | 5.3 | Medium | 2024-05-17 |
| CVE-2024-32692 | WordPress plugin Chauffeur Taxi Booking System security vulnerability — Chauffeur Taxi Booking System for WordPress | 8.2 | High | 2024-05-17 |
| CVE-2024-31281 | WordPress plugin Church Admin security vulnerability — Church Admin | 6.3 | Medium | 2024-05-17 |
| CVE-2023-34186 | WordPress plugin Headless CMS security vulnerability — Headless CMS | 5.3 | Medium | 2024-05-17 |
| CVE-2023-33321 | WordPress plugin EventPrime security vulnerability — EventPrime | 5.3 | Medium | 2024-05-17 |
CWE-862 (Missing Authorization) is a common weakness category; this platform has catalogued 5804 CVE vulnerabilities associated with it.