Submission #643392: elunez eladmin latest broken function level authorization

Title: elunez eladmin latest broken function level authorization
Description: Arbitrary File Deletion: A low-privileged user with storage:del permission can delete files belonging to other users. The deleteFile method in LocalStorageController only checks for the storage:del permission but does not verify if the user is the owner of the file being deleted.
Request:
DELETE /api/localStorage HTTP/1.1
Host: <host>
Source: ⚠️ https://www.cnblogs.com/aibot/p/19063329
User: Anonymous User
Submitted: 2025. 08. 28. PM 05:37 (8 months ago)
Moderation: 2025. 09. 03. PM 01:40 (6 days later)
Status: Accepted
VulDB entry: 322339 [elunez eladmin 1.1 LocalStorageController deleteFile privilege escalation]
Points: 19
