sz-boot-parent sz-boot-parent <= v1.3.2-beta IDOR정보

제목	feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta IDOR
설명	The API endpoint /api/admin/sys-message/{messageId} contains a critical security flaw that permits unauthorized malicious enumeration of the dynamic messageId path parameter, enabling any unauthenticated or low-privilege user to iterate through sequential or predictable messageId values and improperly access, view, and retrieve the private and sensitive message content belonging to other legitimate users within the system without any proper access control or authorization validation in place.
원천	⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-IDOR_Message_ID_Enumeration.md
사용자	yuccun (UID 93614)
제출	2026. 02. 07. PM 07:48 (3 개월 ago)
모더레이션	2026. 02. 25. AM 09:32 (18 days later)
상태	수락
VulDB 항목	347743 [feiyuchuixue sz-boot-parent 까지 1.3.2-beta API Endpoint /api/admin/sys-message/ messageId 권한 상승]
포인트들	20

Do you know our Splunk app?

Download it now for free!