Submission #643387: roncoo roncoo-pay latest broken function level authorization (Info)

Title: roncoo roncoo-pay latest broken function level authorization
Description: An attacker can make a direct request to the /auth/orderQuery endpoint with a valid payKey and orderNo. The endpoint will return the status of the authentication record without verifying if the user making the request is authorized to view that specific record.
Source: ⚠️ https://www.cnblogs.com/aibot/p/19063496
User: Anonymous User
Submitted: 2025-08-28 05:32 PM (8 months ago)
Moderation: 2025-09-11 07:22 PM (14 days later)
Status: Accepted
VulDB entry: 323649 [roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40 /auth/orderQuery orderNo privilege escalation]
Points: 17
