| शीर्षक | yeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 vertical privilege escalation |
|---|
| विवरण | A vertical privilege escalation vulnerability was discovered in `UserController.java` of the warehouse project https://github.com/yeqifu/warehouse. The affected functionality handles user–role relationships and is intended to allow only administrators to assign roles to users. However, the corresponding route fails to perform proper identity and authorization checks when processing these requests. As a result, an ordinary user can craft and send a malicious request to assign privileged roles to themselves, including the system administrator role. Successful exploitation of this vulnerability allows attackers to elevate their privileges and gain full administrative control over the system. |
|---|
| स्रोत | ⚠️ https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md |
|---|
| उपयोगकर्ता | 5i1encee (UID 94076) |
|---|
| सबमिशन | 02/01/2026 02:17 PM (5 महीनों पहले) |
|---|
| संयम | 03/01/2026 09:58 AM (20 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 339458 [yeqifu warehouse तक aaf29962ba407d22d991781de28796ee7b4670e4 Request UserController.java saveUserRole अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|