| タイトル | haxxorsid stock-management-system 1.0 Improper Access Controls |
|---|
| 説明 | haxxorsid/stock-management-system is an application developed based on MVC pattern, but the application only sets the permission control mechanism in the view layer, and does not set the permission control in the controller layer. As a result, unauthorized users can directly access controller's interface through apis to obtain sensitive application information or perform sensitive operations. |
|---|
| ソース | ⚠️ https://github.com/ixpqxi/CVE_LIST/blob/master/stock_management_system/access_control_vulnerability.md |
|---|
| ユーザー | ixpqxi (UID 83247) |
|---|
| 送信 | 2025年12月01日 03:57 (6 月 ago) |
|---|
| モデレーション | 2025年12月12日 12:14 (11 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 336191 [haxxorsid Stock-Management-System 迄 fbbbf213e9c93b87183a3891f77e3cc7095f22b0 /api/employees 弱い認証] |
|---|
| ポイント | 19 |
|---|