| عنوان | roncoo roncoo-pay latest broken function level authorization |
|---|
| الوصف | An attacker can make a direct request to the /auth/orderQuery endpoint with a valid payKey and orderNo. The endpoint will return the status of the authentication record without verifying if the user making the request is authorized to view that specific record. |
|---|
| المصدر | ⚠️ https://www.cnblogs.com/aibot/p/19063496 |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 28/08/2025 05:32 PM (8 أشهر منذ) |
|---|
| الاعتدال | 11/09/2025 07:22 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 323649 [roncoo roncoo-pay حتى 9428382af21cd5568319eae7429b7e1d0332ff40 /auth/orderQuery orderNo تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|