إرسال #525609: VBlog 1.0.0 Improper Authenticationالمعلومات

عنوان	VBlog 1.0.0 Improper Authentication
الوصف	In the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java, the method configure(HttpSecurity http) configures an url access control incorrectly. The method uses "/reg" to match url but ignores patterns like "/reg/". Only admin can create user, however, users not in admin group can create user via path /reg/.
المصدر	⚠️ https://magnificent-dill-351.notion.site/Improper-Authentication-Vulnerability-in-VBlog-1-0-0-1c0c693918ed80f2ace4fff7d1d51619
المستخدم	s0l42 (UID 82389)
ارسال	24/03/2025 03:45 AM (1 سنة منذ)
الاعتدال	07/04/2025 12:05 PM (14 days later)
الحالة	تمت الموافقة
إدخال VulDB	303643 [lenve VBlog حتى 1.0.0 WebSecurityConfig.java configure تجاوز الصلاحيات]
النقاط	15

Interested in the pricing of exploits?

See the underground prices here!