Submeter #619277: jishenghua https://github.com/jishenghua/jshERP <=3.5 IDOR (arbitrary password reset)informação

Títulojishenghua https://github.com/jishenghua/jshERP <=3.5 IDOR (arbitrary password reset)
Descrição A high-risk IDOR vulnerability has been discovered in the latest version (v3.5). After logging in with a low-privilege role account, users can send requests to modify any account's password through the /jshERP-boot/user/updatePwd endpoint, just like a system administrator account, and can successfully change target account's password.
Fonte⚠️ https://github.com/jishenghua/jshERP/issues/123
Utilizador
 ZAST.AI (UID 87884)
Submissão20/07/2025 12h03 (há 11 meses)
Moderação21/07/2025 09h50 (22 hours later)
EstadoAceite
Entrada VulDB317089 [jshERP até 3.5 updatePwd Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!