CVEbaza.plCWE DictionaryCWE-425
Common Weakness Enumeration

CWE-425

Direct Request ('Forced Browsing')

Category: BaseCVE: 265
Description

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

CVE vulnerabilities with CWE-425 (265)
10.0
CVSS
CRITICAL
CVE-2018-3774

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

pub. 2018-08-12
9.8
CVSS
CRITICAL
CVE-2022-43110

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.

pub. 2025-08-22
9.8
CVSS
CRITICAL
CVE-2025-26689

Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.

pub. 2025-03-31
9.8
CVSS
CRITICAL
CVE-2024-24592

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.

pub. 2024-02-06
9.8
CVSS
CRITICAL
CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

pub. 2024-01-22
9.8
CVSS
CRITICAL
CVE-2022-45276

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.

pub. 2022-11-23
9.8
CVSS
CRITICAL
CVE-2022-26279

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.

pub. 2022-03-24
9.8
CVSS
CRITICAL
CVE-2021-36560

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.

pub. 2021-11-02
9.8
CVSS
CRITICAL
CVE-2021-36745

A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.

pub. 2021-09-29
9.8
CVSS
CRITICAL
CVE-2021-24215

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.

pub. 2021-04-12
9.8
CVSS
CRITICAL
CVE-2019-12768

An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.

pub. 2020-12-30
9.8
CVSS
CRITICAL
CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package.

pub. 2020-09-14
9.8
CVSS
CRITICAL
CVE-2020-24203

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

pub. 2020-08-27
9.8
CVSS
CRITICAL
CVE-2019-16340

Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.

pub. 2019-11-21
9.8
CVSS
CRITICAL
CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.

pub. 2019-08-14
9.8
CVSS
CRITICAL
CVE-2019-9884

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.

pub. 2019-07-25
9.8
CVSS
CRITICAL
CVE-2019-9552

Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.

pub. 2019-03-04
9.8
CVSS
CRITICAL
CVE-2019-7736

D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101.

pub. 2019-02-11
9.8
CVSS
CRITICAL
CVE-2018-18922

add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.

pub. 2018-12-13
9.8
CVSS
CRITICAL
CVE-2018-19207

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.

pub. 2018-11-12
Showing 20 of 265 vulnerabilities
Information
ID: CWE-425
Type: Base
Vulnerabilities: 265
MITRE CWE ↗
← CWE Dictionary