إرسال #644658: elunez eladmin latest broken function level authorisationالمعلومات

عنوان	elunez eladmin latest broken function level authorisation
الوصف	Unauthorized Log Viewing: Any authenticated user can view the details of any error log, even those generated by other users. The queryErrorLogDetail method in SysLogController does not perform any ownership check on the log ID. Request: GET /api/logs/error/1 HTTP/1.1
المصدر	⚠️ https://www.cnblogs.com/aibot/p/19063331
المستخدم	Anonymous User
ارسال	30/08/2025 04:23 PM (10 أشهر منذ)
الاعتدال	07/09/2025 08:35 PM (8 days later)
الحالة	تمت الموافقة
إدخال VulDB	323040 [elunez eladmin حتى 2.7 SysLogController /api/logs/error/1 queryErrorLogDetail تجاوز الصلاحيات]
النقاط	17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!