| Title | jeecgboot JeecgBoot 3.8.2 broken function level authorization |
|---|
| Description | Proof of Concept (POC):
A low-privileged user authenticates to the JeecgBoot application.
The attacker, through other means (e.g., another vulnerability, inside information), obtains the IDs of one or more tenants they wish to delete.
The attacker crafts a DELETE request to the /sys/tenant/deleteBatch endpoint, including the ids of the target tenants as a query parameter. |
|---|
| Source | ⚠️ https://www.cnblogs.com/aibot/p/19063351 |
|---|
| User | lucasg2g (UID 84737) |
|---|
| Submission | 12/09/2025 10:40 AM (7 months ago) |
|---|
| Moderation | 25/09/2025 04:21 PM (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 325848 [JeecgBoot up to 3.8.2 /sys/tenant/deleteBatch ids privilege escalation] |
|---|
| Points | 19 |
|---|