CWE-566
Authorization Bypass Through User-Controlled SQL Primary Key
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
CVE-2024-13152 (GCVE-0-2024-13152)
Vulnerability from cvelistv5
Published
2025-02-14 13:01
Modified
2025-02-14 13:28
CWE
- CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
Summary
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
BSS Software | Mobuy Online Machinery Monitoring Panel | 0 < 2.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-13152", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-14T13:22:13.386187Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-14T13:28:46.098Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Mobuy Online Machinery Monitoring Panel", "vendor": "BSS Software", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Yunus ORNEK" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.\u003cp\u003eThis issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.\u003c/p\u003e" } ], "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0." 
} ], "impacts": [ { "capecId": "CAPEC-66", "descriptions": [ { "lang": "en", "value": "CAPEC-66 SQL Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-566", "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-14T13:01:44.625Z", "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT" }, "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-25-0033" } ], "source": { "advisory": "TR-25-0033", "defect": [ "TR-25-0033" ], "discovery": "UNKNOWN" }, "title": "SQLi in BSS Software\u0027s Mobuy Online Machinery Monitoring Panel", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "assignerShortName": "TR-CERT", "cveId": "CVE-2024-13152", "datePublished": "2025-02-14T13:01:44.625Z", "dateReserved": "2025-01-06T14:08:18.476Z", "dateUpdated": "2025-02-14T13:28:46.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22261 (GCVE-0-2024-22261)
Vulnerability from cvelistv5
Published
2024-06-10 23:25
Modified
2024-08-01 22:43
CWE
Summary
SQL-Injection in Harbor allows privileged users to leak the task IDs
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22261", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T19:29:24.478745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T20:26:08.086Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "Harbor", "product": "Harbor", "repo": "https://github.com/goharbor", "vendor": "Harbor", "versions": [ { "lessThanOrEqual": "2.8.5", "status": "affected", "version": "2.8.1", "versionType": "custom" }, { "lessThanOrEqual": "2.9.3", "status": "affected", "version": "2.9.0", "versionType": "custom" }, { "lessThanOrEqual": "2.10.1", "status": "affected", "version": "2.10.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eSQL-Injection in Harbor allows priviledge users to leak the task IDs\u003cbr\u003e\u003c/div\u003e" } ], "value": "SQL-Injection in Harbor allows priviledge users to leak the task IDs" } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "data" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-566", "description": "CWE-566", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T23:25:32.158Z", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j" } ], "source": { "discovery": "UNKNOWN" }, "title": "SQL Injection in Harbor scan log API", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2024-22261", "datePublished": "2024-06-10T23:25:32.158Z", "dateReserved": "2024-01-08T18:43:17.077Z", "dateUpdated": "2024-08-01T22:43:34.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30368 (GCVE-0-2025-30368)
Vulnerability from cvelistv5
Published
2025-03-31 16:26
Modified
2025-03-31 18:59
CWE
- CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
Summary
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30368", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-31T18:59:21.551099Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-31T18:59:32.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "zulip", "vendor": "zulip", "versions": [ { "status": "affected", "version": "\u003e= 10.0-beta1, \u003c 10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-566", "description": "CWE-566: Authorization Bypass Through User-Controlled SQL Primary Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-31T16:26:48.673Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/zulip/zulip/security/advisories/GHSA-rmhr-5ffq-qcrc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-rmhr-5ffq-qcrc" }, { "name": "https://github.com/zulip/zulip/commit/07dcee36b2a34d63429d7a706f880628cf3433df", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zulip/zulip/commit/07dcee36b2a34d63429d7a706f880628cf3433df" }, { "name": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-1", "tags": [ "x_refsource_MISC" ], "url": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-1" } ], "source": { "advisory": "GHSA-rmhr-5ffq-qcrc", "discovery": "UNKNOWN" }, "title": "Zulip allows the deletion of organization by administrators of a different organization" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-30368", "datePublished": "2025-03-31T16:26:48.673Z", "dateReserved": "2025-03-21T14:12:06.271Z", "dateUpdated": "2025-03-31T18:59:32.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30369 (GCVE-0-2025-30369)
Vulnerability from cvelistv5
Published
2025-03-31 16:32
Modified
2025-03-31 18:17
CWE
- CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
Summary
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30369", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-31T18:17:29.130540Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-31T18:17:38.643Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "zulip", "vendor": "zulip", "versions": [ { "status": "affected", "version": "\u003e= 1.6.0, \u003c 10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-566", "description": "CWE-566: Authorization Bypass Through User-Controlled SQL Primary Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-31T16:32:54.301Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/zulip/zulip/security/advisories/GHSA-fcgx-q63f-7gw4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-fcgx-q63f-7gw4" } ], "source": { "advisory": "GHSA-fcgx-q63f-7gw4", "discovery": "UNKNOWN" }, "title": "Zulip allows the deletion of Custom profile fields by administrators of a different organization" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-30369", "datePublished": "2025-03-31T16:32:54.301Z", "dateReserved": "2025-03-21T14:12:06.272Z", "dateUpdated": "2025-03-31T18:17:38.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Implementation
Description:
- Assume all input is malicious. Use a standard input validation mechanism to validate all input for length, type, syntax, and business rules before accepting the data. Use an "accept known good" validation strategy.
Mitigation
Phase: Implementation
Description:
- Use a parameterized query AND make sure that the accepted values conform to the business rules. Construct your SQL statement accordingly.
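The two mitigations combined, as an added example of the CWE-566 pattern the Zulip entries above describe: a parameterized DELETE that is still keyed only on a user-controlled primary key, beside the fixed form that also binds the actor's organization. This is illustrative code, not Zulip's or any listed product's; the table, column and realm/field names are constructed.

```python
import sqlite3


def make_db():
    """Constructed sample data: two organizations (realms), one custom
    profile field each. Field 2 belongs to realm 200."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE profile_field (
            id INTEGER PRIMARY KEY, realm_id INTEGER NOT NULL, name TEXT);
        INSERT INTO profile_field VALUES (1, 100, 'Team'), (2, 200, 'Department');
    """)
    return db


def delete_field_vulnerable(db, actor_realm_id, field_id):
    """CWE-566: the statement is parameterized, so there is no string
    splicing, but the row is selected by the caller-supplied key alone.
    An administrator of realm 100 can therefore delete realm 200's field."""
    cur = db.execute("DELETE FROM profile_field WHERE id = ?", (field_id,))
    db.commit()
    return cur.rowcount  # 1 if a row was deleted


def delete_field_fixed(db, actor_realm_id, field_id):
    """Mitigation: 'accept known good' on the input, and the business rule
    (ownership) is part of the predicate, not a separate lookup."""
    if not isinstance(field_id, int) or field_id <= 0:
        raise ValueError("field_id must be a positive integer")
    cur = db.execute(
        "DELETE FROM profile_field WHERE id = ? AND realm_id = ?",
        (field_id, actor_realm_id),
    )
    db.commit()
    return cur.rowcount  # 0 means not found OR not owned; report both as 404


def remaining_ids(db):
    return [row[0] for row in db.execute("SELECT id FROM profile_field ORDER BY id")]


def demo():
    db = make_db()
    cross_tenant = delete_field_vulnerable(db, actor_realm_id=100, field_id=2)
    db = make_db()
    denied = delete_field_fixed(db, actor_realm_id=100, field_id=2)
    still_there = remaining_ids(db)
    own = delete_field_fixed(db, actor_realm_id=200, field_id=2)
    return cross_tenant, denied, still_there, own
```

Returning 0 rows for a foreign key rather than raising a distinct "forbidden" error also avoids confirming to the caller that the other organization's record exists.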
No CAPEC attack patterns related to this CWE.