| Field | Value |
|---|---|
| Title | jeecgboot JeecgBoot 3.8.2 broken function level authorization |
| Description | Proof of Concept (POC):<br>A low-privileged user authenticates to the JeecgBoot application.<br>The attacker, through other means (e.g., another vulnerability, inside information), obtains the IDs of one or more tenants they wish to delete.<br>The attacker crafts a DELETE request to the /sys/tenant/deleteBatch endpoint, including the ids of the target tenants as a query parameter. |
| Source | ⚠️ https://www.cnblogs.com/aibot/p/19063351 |
| User | lucasg2g (UID 84737) |
| Submission | 2025-09-12 10:40 AM (7 months ago) |
| Moderation | 2025-09-25 04:21 PM (13 days later) |
| Status | Accepted |
| VulDB Entry | 325848 [JeecgBoot up to 3.8.2 /sys/tenant/deleteBatch ids privilege escalation] |
| Points | 19 |