| タイトル | 郑州卡卡罗特软件科技有限公司 WukongCRM WukongCRM-11.x-JAVA logical flaw vulnerability |
|---|
| 説明 |
There is a flaw in the whitelist release logic for Swagger document paths (/v2/app docs) in PermissionServiceImpl. java. Attackers can deceive through URL endings (such as/target/app///; Bypass Gateway authentication and ultimately obtain all permissions for the web system. This vulnerability can tamper with any user's password, query any data credentials, and cause the system to crash, posing risks of full information leakage and data addition, deletion, modification, and querying. |
|---|
| ソース | ⚠️ https://github.com/SourByte05/SourByte-Lab/issues/8 |
|---|
| ユーザー | sourbyte (UID 94279) |
|---|
| 送信 | 2026年01月27日 10:16 (3 月 ago) |
|---|
| モデレーション | 2026年02月06日 22:06 (10 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 344776 [WuKongOpenSource WukongCRM 迄 11.3.3 URL PermissionServiceImpl.java 特権昇格] |
|---|
| ポイント | 20 |
|---|