提出 #754431: warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls情報

タイトルwarehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls
説明Sales and salesback endpoints do not enforce permissions. Attackers can forge sales or return records, delete legitimate records, and manipulate revenue/stock data, which impacts accounting accuracy and business reporting. These endpoints should enforce role-based access control, validate ownership/workflow state, and log all changes for auditability.
ソース⚠️ https://github.com/yeqifu/warehouse/issues/63
ユーザー
 AliceS614 (UID 94277)
送信2026年02月09日 05:58 (5 月 ago)
モデレーション2026年02月20日 10:01 (11 days later)
ステータス承諾済み
VulDBエントリ347088 [yeqifu warehouse 迄 aaf29962ba407d22d991781de28796ee7b4670e4 Sales Endpoint SalesController.java addSales/updateSales/deleteSales 特権昇格]
ポイント18

Do you need the next level of professionalism?

Upgrade your account now!