| Field | Value |
|---|---|
| Title | jeecgboot JeecgBoot 3.8.2 broken function level authorization |
| Description | Proof of Concept (POC):<br>A low-privileged user authenticates to the JeecgBoot application.<br>The attacker, through other means (e.g., another vulnerability, inside information), obtains the IDs of one or more tenants they wish to delete.<br>The attacker crafts a DELETE request to the /sys/tenant/deleteBatch endpoint, including the ids of the target tenants as a query parameter. |
| Source | ⚠️ https://www.cnblogs.com/aibot/p/19063351 |
| User | lucasg2g (UID 84737) |
| Submission | 2025-09-12 10:40 (7 months ago) |
| Moderation | 2025-09-25 16:21 (13 days later) |
| Status | Accepted |
| VulDB entry | 325848 [JeecgBoot up to 3.8.2 /sys/tenant/deleteBatch ids privilege escalation] |
| Points | 19 |