إرسال #618985: Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignmentالمعلومات

عنوانGitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment
الوصف蛋糕商城JPA版 is vulnerable to Privilege Escalation vulnerability. The system uses Apache Shiro for permission management but fails to enforce access control on critical APIs, resulting in authorization bypass. A regular user, while authenticated, can access certain backend management functionalities that should be restricted, such as operations on product data and order information. This improper access control ultimately leads to a privilege escalation vulnerability.
المصدر⚠️ https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md
المستخدم
 HJAQiang (UID 86075)
ارسال19/07/2025 04:09 PM (12 أشهر منذ)
الاعتدال21/07/2025 09:14 AM (2 days later)
الحالةتمت الموافقة
إدخال VulDB317075 [jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 GoodsController.java updateGoods تجاوز الصلاحيات]
النقاط20

Do you know our Splunk app?

Download it now for free!