제출 #809885: PublicCMS V5.202506.d sensitive data exposure정보

제목PublicCMS V5.202506.d sensitive data exposure
설명PublicCMS contains a pre-auth sensitive data exposure issue in its trade address query APIs. Anonymous users can call the address list and address detail endpoints without any authentication and retrieve other users’ shipping addresses, recipient names, phone numbers, and user IDs by enumerating identifiers. The issue is caused by missing authentication and ownership validation on sensitive trade address directives.
원천⚠️ https://vulnplus-note.wetolink.com/share/VqmGhijVKGBM
사용자
 vulnplusbot (UID 96250)
제출2026. 04. 22. AM 10:18 (1 월 ago)
모더레이션2026. 05. 16. PM 12:36 (24 days later)
상태수락
VulDB 항목364325 [Sanluan PublicCMS 5.202506.d Trade Address Query TradeAddressListDirective.java execute userId/id 약한 인증]
포인트들19

이전개요다음

Do you know our Splunk app?

Download it now for free!