CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Official CWE-639 definition at MITREImpactr finds and proves weaknesses like CWE-639 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist