제출 #618985: Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment정보

제목Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment
설명蛋糕商城JPA版 is vulnerable to Privilege Escalation vulnerability. The system uses Apache Shiro for permission management but fails to enforce access control on critical APIs, resulting in authorization bypass. A regular user, while authenticated, can access certain backend management functionalities that should be restricted, such as operations on product data and order information. This improper access control ultimately leads to a privilege escalation vulnerability.
원천⚠️ https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md
사용자
 HJAQiang (UID 86075)
제출2025. 07. 19. PM 04:09 (12 개월 ago)
모더레이션2025. 07. 21. AM 09:14 (2 days later)
상태수락
VulDB 항목317075 [jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 GoodsController.java updateGoods 권한 상승]
포인트들20

Want to know what is going to be exploited?

We predict KEV entries!