| Título | 郑州卡卡罗特软件科技有限公司 WukongCRM WukongCRM-11.x-JAVA logical flaw vulnerability |
|---|
| Descripción |
There is a flaw in the whitelist release logic for Swagger document paths (/v2/app docs) in PermissionServiceImpl. java. Attackers can deceive through URL endings (such as/target/app///; Bypass Gateway authentication and ultimately obtain all permissions for the web system. This vulnerability can tamper with any user's password, query any data credentials, and cause the system to crash, posing risks of full information leakage and data addition, deletion, modification, and querying. |
|---|
| Fuente | ⚠️ https://github.com/SourByte05/SourByte-Lab/issues/8 |
|---|
| Usuario | sourbyte (UID 94279) |
|---|
| Sumisión | 2026-01-27 10:16 (hace 3 meses) |
|---|
| Moderación | 2026-02-06 22:06 (10 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 344776 [WuKongOpenSource WukongCRM hasta 11.3.3 URL PermissionServiceImpl.java escalada de privilegios] |
|---|
| Puntos | 20 |
|---|