Submeter #622573: jishenghua https://github.com/jishenghua/jshERP <=3.5 IDOR(arbitrary account deletion)informação

Títulojishenghua https://github.com/jishenghua/jshERP <=3.5 IDOR(arbitrary account deletion)
DescriçãoA high-risk IDOR vulnerability has been discovered in the latest version (v3.5). After logging in with a low-privilege role account, users can send requests to the /jshERP-boot/user/deleteBatch endpoint to perform unauthorized batch operations, which should only be accessible by system administrator accounts. This allows attackers to target and affect multiple user accounts simultaneously.
Fonte⚠️ https://github.com/jishenghua/jshERP/issues/126
Utilizador
 ez-lbz (UID 87033)
Submissão25/07/2025 16h37 (há 9 meses)
Moderação10/08/2025 13h31 (16 days later)
EstadoAceite
Entrada VulDB319374 [jshERP até 3.5 Endpoint deleteBatch ids Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!