| タイトル | PublicCMS V5.202506.d sensitive data exposure |
|---|
| 説明 | PublicCMS contains a pre-auth sensitive data exposure issue in its trade address query APIs. Anonymous users can call the address list and address detail endpoints without any authentication and retrieve other users’ shipping addresses, recipient names, phone numbers, and user IDs by enumerating identifiers. The issue is caused by missing authentication and ownership validation on sensitive trade address directives.
|
|---|
| ソース | ⚠️ https://vulnplus-note.wetolink.com/share/VqmGhijVKGBM |
|---|
| ユーザー | vulnplusbot (UID 96250) |
|---|
| 送信 | 2026年04月22日 10:18 (2 月 ago) |
|---|
| モデレーション | 2026年05月16日 12:36 (24 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 364325 [Sanluan PublicCMS 5.202506.d Trade Address Query TradeAddressListDirective.java execute userId/id 弱い認証] |
|---|
| ポイント | 19 |
|---|