Summary of 5967 CVE entries in the CWE-862 (Missing Authorization) weakness class, with AI-generated analysis in Chinese.
CWE-862 is a missing-authorization weakness: the product performs no permission check when a user accesses a resource or performs an operation. Attackers typically bypass client-side restrictions by directly modifying request parameters or constructing crafted URLs, reaching data or sensitive operations they were never granted. Developers should not rely on client-side validation alone; the server must apply strict authentication and authorization checks to every request, so that each user can reach only the resources they are authorized for and the risk of unauthorized (horizontal or vertical) access is removed at its root.
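The paragraph above describes the flaw and the fix in words. The following Python module is an added illustration, not code from this page or from any of the listed products: it puts a CWE-862-style lookup (authenticated caller, object id taken straight from the request, no ownership check) next to a hardened version that decides authorization on the server for every request, deny-by-default, with one role explicitly allowed to read other users' messages. The message store, role table, user names and the `handle_request` stand-in for a web-framework handler are all constructed for the example.

```python
"""Added example: server-side authorization for a private-message lookup.

Authentication establishes who the caller is; authorization decides what that
caller may touch. CWE-862 is the second step being absent. All data below is
constructed in-memory sample data, not a real application.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    id: int
    owner: str      # username the message belongs to
    subject: str
    body: str


# Constructed sample data: two users, each owning one message.
MESSAGES = {
    1: Message(1, "alice", "Q3 numbers", "see attachment"),
    2: Message(2, "bob", "Password reset", "token 1234"),
}

# Constructed role table: "support" may read any message, everyone else only their own.
ROLES = {"alice": "user", "bob": "user", "carol": "support"}


class Forbidden(Exception):
    """Raised when an authenticated caller asks for a resource it is not authorized for."""


def lookup_message_vulnerable(user: str, msg_id: int) -> Message:
    """CWE-862 pattern: `user` is authenticated, but the id from the request is
    used directly and nobody asks whether this user may read that message."""
    return MESSAGES[msg_id]


def is_authorized(user: str, msg: Message) -> bool:
    """Deny by default: allow only the owner or a role explicitly granted read access."""
    if msg.owner == user:
        return True
    return ROLES.get(user) == "support"


def lookup_message_checked(user: str, msg_id: int) -> Message:
    """Hardened version: same lookup, but the decision is made on the server on
    every request, independent of anything the client UI hid or showed."""
    msg = MESSAGES.get(msg_id)
    if msg is None or not is_authorized(user, msg):
        # One answer for "does not exist" and "not yours", so the endpoint
        # cannot be used to enumerate which ids are valid.
        raise Forbidden(f"user {user!r} may not read message {msg_id}")
    return msg


def can_read(user: str, msg_id: int) -> bool:
    """True if the checked lookup would succeed for this user and id."""
    try:
        lookup_message_checked(user, msg_id)
        return True
    except Forbidden:
        return False


def handle_request(session_user: str, params: dict) -> dict:
    """Constructed stand-in for a web handler: `session_user` comes from the
    authenticated session, `params` from the query string (strings, untrusted)."""
    try:
        msg_id = int(params.get("id", ""))
    except ValueError:
        return {"status": 400, "error": "bad id"}
    try:
        msg = lookup_message_checked(session_user, msg_id)
    except Forbidden:
        return {"status": 403, "error": "forbidden"}
    return {"status": 200, "subject": msg.subject, "body": msg.body}


if __name__ == "__main__":
    # bob changes the id parameter to read alice's message
    print(lookup_message_vulnerable("bob", 1).subject)   # succeeds: "Q3 numbers"
    print(handle_request("bob", {"id": "1"})["status"])  # 403
    print(can_read("alice", 1), can_read("carol", 2))    # True True
```

The role check lives in one function (`is_authorized`) so every endpoint that hands out a message calls the same rule; the usual way this weakness creeps in is a second endpoint that reuses the lookup but forgets the check.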
CWE demonstrative example 1 (PHP): the query itself is protected against injection, but nothing checks that the requesting user is allowed to read employee records at all.

```php
function runEmployeeQuery($dbName, $name){
  global $globalDbHandle;   // connection handle created elsewhere; needed for the function to see it
  mysql_select_db($dbName,$globalDbHandle) or die("Could not open Database".$dbName);
  //Use a prepared statement to avoid CWE-89
  $preparedStatement = $globalDbHandle->prepare('SELECT * FROM employees WHERE name = :name');
  $preparedStatement->execute(array(':name' => $name));
  return $preparedStatement->fetchAll();
}
/.../
// Missing authorization: any caller who can reach this page gets any employee's record.
$employeeRecord = runEmployeeQuery('EmployeeDB',$_GET['EmployeeName']);
```

CWE demonstrative example 2 (Perl): the user is authenticated, but the message id from the request is used directly, so an authenticated user can read any other user's private message.

```perl
use CGI;

sub DisplayPrivateMessage {
  my($id) = @_;
  my $Message = LookupMessageObject($id);
  print "From: " . encodeHTML($Message->{from}) . "<br>\n";
  print "Subject: " . encodeHTML($Message->{subject}) . "\n";
  print "<hr>\n";
  print "Body: " . encodeHTML($Message->{body}) . "\n";
}

my $q = CGI->new;
# For purposes of this example, assume that CWE-309 and
# CWE-523 do not apply.
if (! AuthenticateUser($q->param('username'), $q->param('password'))) {
  ExitError("invalid username or password");
}

# Authenticated, but never checked: does this user own message $id?
my $id = $q->param('id');
DisplayPrivateMessage($id);
```

| CVE ID | Title | CVSS | Risk Level | Published |
|---|---|---|---|---|
| CVE-2025-6253 | WordPress plugin UiCore Elements security vulnerability — UiCore Elements – Free widgets and templates for Elementor | 7.5 | High | 2025-08-12 |
| CVE-2025-8059 | WordPress plugin B Blocks security vulnerability — bBlocks – Essential Gutenberg Blocks & Patterns Collection | 9.8 | Critical | 2025-08-12 |
| CVE-2025-42955 | SAP Cloud Connector security vulnerability — SAP Cloud Connector | 3.5 | Low | 2025-08-12 |
| CVE-2025-42949 | SAP ABAP Platform security vulnerability — ABAP Platform | 4.9 | Medium | 2025-08-12 |
| CVE-2025-8285 | Mattermost Confluence Plugin security vulnerability — Mattermost Confluence Plugin | 4.0 | Medium | 2025-08-11 |
| CVE-2025-54458 | Mattermost Confluence Plugin security vulnerability — Mattermost Confluence Plugin | 5.0 | Medium | 2025-08-11 |
| CVE-2025-53910 | Mattermost Confluence Plugin security vulnerability — Mattermost Confluence Plugin | 4.0 | Medium | 2025-08-11 |
| CVE-2025-53857 | Mattermost Confluence Plugin security vulnerability — Mattermost Confluence Plugin | 3.7 | Low | 2025-08-11 |
| CVE-2025-49221 | Mattermost Confluence Plugin security vulnerability — Mattermost Confluence Plugin | 3.7 | Low | 2025-08-11 |
| CVE-2025-48731 | Mattermost Confluence Plugin security vulnerability — Mattermost Confluence Plugin | 6.4 | Medium | 2025-08-11 |
| CVE-2025-44001 | Mattermost Confluence Plugin security vulnerability — Mattermost Confluence Plugin | 4.0 | Medium | 2025-08-11 |
| CVE-2025-8807 | tianti security vulnerability — tianti 天梯 | 6.3 | Medium | 2025-08-10 |
| CVE-2025-8796 | LitmusChaos security vulnerability — Litmus | 5.4 | Medium | 2025-08-10 |
| CVE-2025-8595 | WordPress plugin Zakra security vulnerability — Zakra | 4.3 | Medium | 2025-08-06 |
| CVE-2025-41698 | Dräger ICMHelper security vulnerability — Draeger ICMHelper | 7.8 | High | 2025-08-05 |
| CVE-2025-6205 | Dassault Systèmes DELMIA Apriso security vulnerability — DELMIA Apriso | 9.1 | Critical | 2025-08-04 |
| CVE-2025-8488 | WordPress plugin Ultimate Addons for Elementor security vulnerability — Ultimate Addons for Elementor | 4.3 | Medium | 2025-08-02 |
| CVE-2025-8152 | WordPress plugin WP CTA security vulnerability — WP CTA – Call Now Button, Sticky Button & Call to Action Builder | 5.3 | Medium | 2025-08-02 |
| CVE-2025-6754 | WordPress plugin SEO Metrics security vulnerability — SEO Metrics | 8.8 | High | 2025-08-02 |
| CVE-2025-8435 | Code-Projects Online Movie Streaming security vulnerability — Online Movie Streaming | 7.3 | High | 2025-08-01 |
| CVE-2025-8434 | Code-Projects Online Movie Streaming security vulnerability — Online Movie Streaming | 7.3 | High | 2025-08-01 |
| CVE-2025-46811 | SUSE Manager access control error vulnerability — Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 | 9.8 | Critical | 2025-07-30 |
| CVE-2025-8322 | Ventem e-School security vulnerability — e-School | 8.8 | High | 2025-07-30 |
| CVE-2025-7689 | WordPress plugin Hydra Booking security vulnerability — Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings | 8.8 | High | 2025-07-29 |
| CVE-2025-6730 | WordPress plugin Bonanza – WooCommerce Free Gifts Lite security vulnerability — Bonanza – WooCommerce Free Gifts Lite | 4.3 | Medium | 2025-07-29 |
| CVE-2025-4370 | WordPress plugin Brizy security vulnerability — Brizy – Page Builder | 5.3 | Medium | 2025-07-29 |
| CVE-2023-7306 | WordPress plugin Frontend File Manager Plugin security vulnerability — Frontend File Manager Plugin | 7.5 | High | 2025-07-25 |
| CVE-2025-5835 | WordPress plugin Droip security vulnerability — Droip | 8.8 | High | 2025-07-25 |
| CVE-2015-10143 | WordPress plugin Platform security vulnerability — Platform | 9.8 | Critical | 2025-07-25 |
| CVE-2025-7695 | WordPress plugin Dataverse Integration security vulnerability — Dataverse Integration | 8.8 | High | 2025-07-24 |
CWE-862 (Missing Authorization) is a common weakness class; this platform indexes 5967 CVE entries associated with it.