| Titre | 201206030 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorization |
|---|
| Description | CVE-3: SessionController Leaks Online Session Info
- Location:
- file: novel-system/src/main/java/com/java2nb/system/controller/SessionController.java
- Endpoint:
- GET /list
- Method: public List list()
- CWE: CWE-306
- Risk: Allows Unauthorized users to view online user sessions
- PoC: curl http://target-ip:port/list |
|---|
| La source | ⚠️ https://www.cnblogs.com/aibot/p/18827501 |
|---|
| Utilisateur | Anonymous User |
|---|
| Soumission | 15/04/2025 15:03 (il y a 1 Année) |
|---|
| Modérer | 27/04/2025 19:53 (12 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 306368 [20120630 Novel-Plus SessionController.java list authentification faible] |
|---|
| Points | 19 |
|---|