| Titre | TIME-SEA-PLUS <=2.4 Improper Control of Resource Identifiers |
|---|
| Description | In TIME-SEA-PLUS (https://github.com/dulaiduwang003/TIME-SEA-chatgpt), the endpoint POST /pay/alipay/status/{orderId} lacks proper resource ownership validation, allowing unauthorized access to other users’ order information. |
|---|
| La source | ⚠️ https://github.com/Hwwg/cve/issues/3 |
|---|
| Utilisateur | huangweigang (UID 88993) |
|---|
| Soumission | 15/10/2025 13:53 (il y a 6 mois) |
|---|
| Modérer | 26/10/2025 18:03 (11 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 329976 [dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed élévation de privilèges] |
|---|
| Points | 17 |
|---|