إرسال #558360: 201206030 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorizationالمعلومات

عنوان	201206030 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorization
الوصف	# GeneratorController Unauthorized Remote Code Generation - Location: - file: novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java - Endpoints: 1. POST /genCode - Method: public R genCode(String tableName) - Risk: Triggers backend code generation for arbitrary tables - CWE: CWE-306: Missing Authentication for Critical Function - PoC: curl -X POST "http://target-ip:port/genCode" -d "tableName=user"
المصدر	⚠️ https://www.cnblogs.com/aibot/p/18827469
المستخدم	Anonymous User
ارسال	15/04/2025 02:47 PM (1 سنة منذ)
الاعتدال	27/04/2025 07:53 PM (12 days later)
الحالة	تمت الموافقة
إدخال VulDB	306372 [20120630 Novel-Plus حتى 0e156c04b4b7ce0563bef6c97af4476fcda8f160 GeneratorController.java genCode توثيق ضعيف]
النقاط	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!