إرسال #643392: elunez eladmin latest broken function level authorizationالمعلومات

عنوانelunez eladmin latest broken function level authorization
الوصفArbitrary File Deletion: A low-privileged user with storage:del permission can delete files belonging to other users. The deleteFile method in LocalStorageController only checks for the storage:del permission but does not verify if the user is the owner of the file being deleted. Request: DELETE /api/localStorage HTTP/1.1 Host: <host>
المصدر⚠️ https://www.cnblogs.com/aibot/p/19063329
المستخدم
 Anonymous User
ارسال28/08/2025 05:37 PM (8 أشهر منذ)
الاعتدال03/09/2025 01:40 PM (6 days later)
الحالةتمت الموافقة
إدخال VulDB322339 [elunez eladmin 1.1 LocalStorageController deleteFile تجاوز الصلاحيات]
النقاط19

التالي نظرة عامة السابق

Interested in the pricing of exploits?

See the underground prices here!