Invia #653743: fuyang_lipengjun platform 1.0 broken function level authorizationinformazioni

Titolofuyang_lipengjun platform 1.0 broken function level authorization
DescrizioneVulnerability Report Product: platform URL: http://host/sys/smslog/queryAll Title: Broken Function Level Authorization in SysSmsLogController's queryAll Method PoC (Proof of Concept): Log in to the application with any user account, including those with low privileges. Send a GET request to the endpoint http://host/sys/smslog/queryAll. The server returns a complete list of sms log information. This data should typically be restricted to users with administrative privileges.
Fonte⚠️ https://www.cnblogs.com/aibot/p/19063462
Utente
 Anonymous User
Sottomissione13/09/2025 06:35 (10 mesi fa)
Moderazione21/09/2025 17:59 (8 days later)
StatoAccettato
Voce VulDB325179 [fuyang_lipengjun platform 1.0 /sys/smslog/queryAll SysSmsLogController escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!