| 제목 | 郑州卡卡罗特软件科技有限公司 WukongCRM WukongCRM-11.x-JAVA logical flaw vulnerability |
|---|
| 설명 |
There is a flaw in the whitelist release logic for Swagger document paths (/v2/app docs) in PermissionServiceImpl. java. Attackers can deceive through URL endings (such as/target/app///; Bypass Gateway authentication and ultimately obtain all permissions for the web system. This vulnerability can tamper with any user's password, query any data credentials, and cause the system to crash, posing risks of full information leakage and data addition, deletion, modification, and querying. |
|---|
| 원천 | ⚠️ https://github.com/SourByte05/SourByte-Lab/issues/8 |
|---|
| 사용자 | sourbyte (UID 94279) |
|---|
| 제출 | 2026. 01. 27. AM 10:16 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 06. PM 10:06 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344776 [WuKongOpenSource WukongCRM 까지 11.3.3 URL PermissionServiceImpl.java 권한 상승] |
|---|
| 포인트들 | 20 |
|---|