| عنوان | SeriaWei ZKEACMS v4.3 Unauthorized deletion URL redirect rules |
|---|
| الوصف | The root cause of this vulnerability is that the Delete method in the UrlRedirectionController does not apply any permission verification mechanism. An attacker can send a POST request to /admin/UrlRedirection/Delete/{id} without logging in or having any specific permissions, thereby deleting the URL redirection rules that already exist in the system. This may cause the normal function of the website to be damaged, and users will encounter 404 errors when accessing redirected pages, affecting user experience and SEO. |
|---|
| المصدر | ⚠️ https://github.com/August829/YU1/issues/4 |
|---|
| المستخدم | Yu Bao (UID 88956) |
|---|
| ارسال | 16/09/2025 09:26 AM (9 أشهر منذ) |
|---|
| الاعتدال | 04/10/2025 07:56 AM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 327006 [SeriaWei ZKEACMS حتى 4.3 POST Request UrlRedirectionController.cs Delete تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|