إرسال #653337: jeecgboot JeecgBoot 3.8.2 broken function level authorizationالمعلومات

عنوانjeecgboot JeecgBoot 3.8.2 broken function level authorization
الوصفProof of Concept (POC): A user with low privileges authenticates to the JeecgBoot application. The attacker makes a GET request to the /sys/role/exportXls endpoint. This endpoint can be called without any parameters to export all system roles.
المصدر⚠️ https://www.cnblogs.com/aibot/p/19063353
المستخدم
 lucasg2g (UID 84737)
ارسال12/09/2025 10:42 AM (7 أشهر منذ)
الاعتدال25/09/2025 04:21 PM (13 days later)
الحالةتمت الموافقة
إدخال VulDB325850 [JeecgBoot حتى 3.8.2 /sys/role/exportXls تجاوز الصلاحيات]
النقاط16

التالي نظرة عامة السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!