जमा करें #618985: Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignmentजानकारी

शीर्षकGitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment
विवरण蛋糕商城JPA版 is vulnerable to Privilege Escalation vulnerability. The system uses Apache Shiro for permission management but fails to enforce access control on critical APIs, resulting in authorization bypass. A regular user, while authenticated, can access certain backend management functionalities that should be restricted, such as operations on product data and order information. This improper access control ultimately leads to a privilege escalation vulnerability.
स्रोत⚠️ https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md
उपयोगकर्ता
 HJAQiang (UID 86075)
सबमिशन19/07/2025 04:09 PM (12 महीनों पहले)
संयम21/07/2025 09:14 AM (2 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि317075 [jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 GoodsController.java updateGoods अधिकार वृद्धि]
अंक20

Do you know our Splunk app?

Download it now for free!