Submit #644658: elunez eladmin latest broken function level authorisation

Title: elunez eladmin latest broken function level authorisation
Description: Unauthorized Log Viewing: Any authenticated user can view the details of any error log, even those generated by other users. The queryErrorLogDetail method in SysLogController does not perform any ownership check on the log ID. Request: GET /api/logs/error/1 HTTP/1.1
Source: https://www.cnblogs.com/aibot/p/19063331
User: Anonymous User
Submission: 2025-08-30 16:23 (10 months ago)
Moderation: 2025-09-07 20:35 (8 days later)
Status: Accepted
VulDB entry: 323040 [elunez eladmin up to 2.7 SysLogController /api/logs/error/1 queryErrorLogDetail privilege escalation]
Points: 17
