sz-boot-parent sz-boot-parent <= v1.3.2-beta IDORinfo

Titel	feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta IDOR
Beschreibung	The API endpoint /api/admin/sys-message/{messageId} contains a critical security flaw that permits unauthorized malicious enumeration of the dynamic messageId path parameter, enabling any unauthenticated or low-privilege user to iterate through sequential or predictable messageId values and improperly access, view, and retrieve the private and sensitive message content belonging to other legitimate users within the system without any proper access control or authorization validation in place.
Quelle	⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-IDOR_Message_ID_Enumeration.md
Benutzer	yuccun (UID 93614)
Einreichung	07.02.2026 19:48 (vor 3 Monaten)
Moderieren	25.02.2026 09:32 (18 days later)
Status	Akzeptiert
VulDB Eintrag	347743 [feiyuchuixue sz-boot-parent bis 1.3.2-beta API Endpoint /api/admin/sys-message/ messageId erweiterte Rechte]
Punkte	20

Interested in the pricing of exploits?

See the underground prices here!