| Field | Value |
|---|---|
| Title | elunez eladmin latest broken function level authorisation |
| Description | Unauthorized Log Viewing: Any authenticated user can view the details of any error log, even those generated by other users. The `queryErrorLogDetail` method in `SysLogController` does not perform any ownership check on the log ID. Request: `GET /api/logs/error/1 HTTP/1.1` |
| Source | https://www.cnblogs.com/aibot/p/19063331 |
| User | Anonymous User |
| Submission | 30.08.2025 16:23 (10 months ago) |
| Moderation | 07.09.2025 20:35 (8 days later) |
| Status | Accepted |
| VulDB Entry | 323040 [elunez eladmin up to 2.7 SysLogController /api/logs/error/1 queryErrorLogDetail privilege escalation] |
| Points | 17 |