إرسال #676283: TIME-SEA-PLUS <=2.4 Improper Control of Resource Identifiersالمعلومات

عنوانTIME-SEA-PLUS <=2.4 Improper Control of Resource Identifiers
الوصفIn TIME-SEA-PLUS (https://github.com/dulaiduwang003/TIME-SEA-chatgpt), the endpoint POST /pay/alipay/status/{orderId} lacks proper resource ownership validation, allowing unauthorized access to other users’ order information.
المصدر⚠️ https://github.com/Hwwg/cve/issues/3
المستخدم
 huangweigang (UID 88993)
ارسال15/10/2025 01:53 PM (6 أشهر منذ)
الاعتدال26/10/2025 06:03 PM (11 days later)
الحالةتمت الموافقة
إدخال VulDB329976 [dulaiduwang003 TIME-SEA-PLUS حتى fb299162f18498dd9cf17da906886d80a077d53b Order Status PayController.java alipayIsSucceed تجاوز الصلاحيات]
النقاط17

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!