提出 #618985: Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment情報

タイトルGitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment
説明蛋糕商城JPA版 is vulnerable to Privilege Escalation vulnerability. The system uses Apache Shiro for permission management but fails to enforce access control on critical APIs, resulting in authorization bypass. A regular user, while authenticated, can access certain backend management functionalities that should be restricted, such as operations on product data and order information. This improper access control ultimately leads to a privilege escalation vulnerability.
ソース⚠️ https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md
ユーザー
 HJAQiang (UID 86075)
送信2025年07月19日 16:09 (12 月 ago)
モデレーション2025年07月21日 09:14 (2 days later)
ステータス承諾済み
VulDBエントリ317075 [jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 GoodsController.java updateGoods 特権昇格]
ポイント20

Do you need the next level of professionalism?

Upgrade your account now!