| शीर्षक | TIME-SEA-PLUS <=2.4 Improper Control of Resource Identifiers |
|---|
| विवरण | In TIME-SEA-PLUS (https://github.com/dulaiduwang003/TIME-SEA-chatgpt), the endpoint POST /pay/alipay/status/{orderId} lacks proper resource ownership validation, allowing unauthorized access to other users’ order information. |
|---|
| स्रोत | ⚠️ https://github.com/Hwwg/cve/issues/3 |
|---|
| उपयोगकर्ता | huangweigang (UID 88993) |
|---|
| सबमिशन | 15/10/2025 01:53 PM (6 महीनों पहले) |
|---|
| संयम | 26/10/2025 06:03 PM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 329976 [dulaiduwang003 TIME-SEA-PLUS तक fb299162f18498dd9cf17da906886d80a077d53b Order Status PayController.java alipayIsSucceed अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|