| 제목 | https://github.com/pbrong/hrms hrms 1.0.1 Unauthorized bypass access |
|---|
| 설명 | pbrong/hrms There is an unauthorized access to user information vulnerability in HRms-1.0.1 \resource\resource.go file.The vulnerability is due to the flaw in the system's permission verification during database query, which causes the attacker to bypass the permission verification by constructing cookies to obtain user information.
Official website: https://github.com/pbrong/hrms/releases/tag/1.0.1
Vulnerability details: https://github.com/A7cc/cve/issues/4
|
|---|
| 원천 | ⚠️ https://github.com/A7cc/cve/issues/4 |
|---|
| 사용자 | a7cc (UID 81317) |
|---|
| 제출 | 2025. 02. 25. AM 06:59 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 01. PM 02:59 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 298083 [pbrong hrms 까지 1.0.1 \resource\resource.go HrmsDB user_cookie 권한 상승] |
|---|
| 포인트들 | 20 |
|---|