제출 #644658: elunez eladmin latest broken function level authorisation정보

제목elunez eladmin latest broken function level authorisation
설명Unauthorized Log Viewing: Any authenticated user can view the details of any error log, even those generated by other users. The queryErrorLogDetail method in SysLogController does not perform any ownership check on the log ID. Request: GET /api/logs/error/1 HTTP/1.1
원천⚠️ https://www.cnblogs.com/aibot/p/19063331
사용자
 Anonymous User
제출2025. 08. 30. PM 04:23 (10 개월 ago)
모더레이션2025. 09. 07. PM 08:35 (8 days later)
상태수락
VulDB 항목323040 [elunez eladmin 까지 2.7 SysLogController /api/logs/error/1 queryErrorLogDetail 권한 상승]
포인트들17

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!