| Titre | feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta IDOR |
|---|
| Description | The API endpoint /api/admin/sys-message/{messageId} contains a critical security flaw that permits unauthorized malicious enumeration of the dynamic messageId path parameter, enabling any unauthenticated or low-privilege user to iterate through sequential or predictable messageId values and improperly access, view, and retrieve the private and sensitive message content belonging to other legitimate users within the system without any proper access control or authorization validation in place. |
|---|
| La source | ⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-IDOR_Message_ID_Enumeration.md |
|---|
| Utilisateur | yuccun (UID 93614) |
|---|
| Soumission | 07/02/2026 19:48 (il y a 3 mois) |
|---|
| Modérer | 25/02/2026 09:32 (18 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 347743 [feiyuchuixue sz-boot-parent jusqu’à 1.3.2-beta API Endpoint /api/admin/sys-message/ messageId élévation de privilèges] |
|---|
| Points | 20 |
|---|