Common Weakness Enumeration

CWE-425

Allowed

Direct Request ('Forced Browsing')

Abstraction: Base · Status: Incomplete

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

269 vulnerabilities reference this CWE, most recent first.

GHSA-4487-MJX5-9V4R

Vulnerability from github – Published: 2022-10-11 19:00 – Updated: 2022-10-12 12:00
VLAI
Details

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-11T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.",
  "id": "GHSA-4487-mjx5-9v4r",
  "modified": "2022-10-12T12:00:22Z",
  "published": "2022-10-11T19:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42238"
    },
    {
      "type": "WEB",
      "url": "https://github.com/draco1725/localpriv/blob/main/poc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-44G9-QRMG-2WVF

Vulnerability from github – Published: 2022-10-20 19:00 – Updated: 2022-10-21 19:01
VLAI
Details

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-20T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.",
  "id": "GHSA-44g9-qrmg-2wvf",
  "modified": "2022-10-21T19:01:10Z",
  "published": "2022-10-20T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42197"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ciph0x01/Simple-Exam-Reviewer-Management-System-CVE/blob/main/CVE-2022-42197.md"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45M2-RWC3-RQ9V

Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08
VLAI
Details

Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-04T04:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.",
  "id": "GHSA-45m2-rwc3-rq9v",
  "modified": "2022-05-13T01:08:19Z",
  "published": "2022-05-13T01:08:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9552"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lmy1342554547/p2pProject/issues/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46XH-7854-F568

Vulnerability from github – Published: 2026-05-21 21:30 – Updated: 2026-06-24 20:57
VLAI
Summary
Concrete CMS is vulnerable to authorization bypass in the Calendar Block
Details

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/concrete5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-8205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-24T18:17:35Z",
    "nvd_published_at": "2026-05-21T21:16:33Z",
    "severity": "MODERATE"
  },
  "details": "Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar\u00a0which results in restricted event details being disclosed.",
  "id": "GHSA-46xh-7854-f568",
  "modified": "2026-06-24T20:57:01Z",
  "published": "2026-05-21T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8205"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/951-release-notes"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/concretecms/concretecms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Concrete CMS is vulnerable to authorization bypass in the Calendar Block"
}

GHSA-48J5-GRH5-3F4F

Vulnerability from github – Published: 2023-03-29 15:30 – Updated: 2023-04-05 03:30
VLAI
Details

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-29T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)",
  "id": "GHSA-48j5-grh5-3f4f",
  "modified": "2023-04-05T03:30:17Z",
  "published": "2023-03-29T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1663"
    },
    {
      "type": "WEB",
      "url": "https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663"
    },
    {
      "type": "WEB",
      "url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4G2V-6X25-VR7P

Vulnerability from github – Published: 2022-04-10 00:00 – Updated: 2022-04-16 00:01
VLAI
Details

Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-09T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.",
  "id": "GHSA-4g2v-6x25-vr7p",
  "modified": "2022-04-16T00:01:22Z",
  "published": "2022-04-10T00:00:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28365"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2022/Apr/1"
    },
    {
      "type": "WEB",
      "url": "https://www.reprisesoftware.com/RELEASE_NOTES"
    },
    {
      "type": "WEB",
      "url": "https://www.reprisesoftware.com/products/software-license-management.php"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PG2-JRCH-M6P4

Vulnerability from github – Published: 2024-03-05 12:30 – Updated: 2025-04-23 21:30
VLAI
Details

A CWE-862 “Missing Authorization” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-45596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-05T12:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-862 \u201cMissing Authorization\u201d vulnerability in the \u201cfile_configuration\u201d functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.",
  "id": "GHSA-4pg2-jrch-m6p4",
  "modified": "2025-04-23T21:30:31Z",
  "published": "2024-03-05T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45596"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45596"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54R9-6X6G-2VFV

Vulnerability from github – Published: 2022-12-25 06:30 – Updated: 2023-01-06 21:30
VLAI
Details

Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-25T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).",
  "id": "GHSA-54r9-6x6g-2vfv",
  "modified": "2023-01-06T21:30:41Z",
  "published": "2022-12-25T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42953"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2022/Oct/23"
    },
    {
      "type": "WEB",
      "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55HG-77VH-978C

Vulnerability from github – Published: 2022-05-01 02:03 – Updated: 2022-05-01 02:03
VLAI
Details

FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-1892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-06-09T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.",
  "id": "GHSA-55hg-77vh-978c",
  "modified": "2022-05-01T02:03:09Z",
  "published": "2022-05-01T02:03:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1892"
    },
    {
      "type": "WEB",
      "url": "http://flatnuke.sourceforge.net/index.php?mod=read\u0026id=1117979256"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/15603"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1014114"
    },
    {
      "type": "WEB",
      "url": "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/0697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-56FM-6JMC-6MVP

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-11T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.",
  "id": "GHSA-56fm-6jmc-6mvp",
  "modified": "2022-05-24T17:36:07Z",
  "published": "2022-05-24T17:36:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7541"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design Operation

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.

Mitigation
Architecture and Design

Consider using MVC based frameworks such as Struts.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-143: Detect Unpublicized Web Pages

An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.

CAPEC-144: Detect Unpublicized Web Services

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.

CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC-87: Forceful Browsing

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.