إرسال #558367: 201206030 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorizationالمعلومات

عنوان201206030 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorization
الوصفCVE-3: SessionController Leaks Online Session Info - Location: - file: novel-system/src/main/java/com/java2nb/system/controller/SessionController.java - Endpoint: - GET /list - Method: public List list() - CWE: CWE-306 - Risk: Allows Unauthorized users to view online user sessions - PoC: curl http://target-ip:port/list
المصدر⚠️ https://www.cnblogs.com/aibot/p/18827501
المستخدم
 Anonymous User
ارسال15/04/2025 03:03 PM (1 سنة منذ)
الاعتدال27/04/2025 07:53 PM (12 days later)
الحالةتمت الموافقة
إدخال VulDB306368 [20120630 Novel-Plus حتى 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SessionController.java list توثيق ضعيف]
النقاط19

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!