| Título | jeecgboot JeecgBoot 3.8.2 broken function level authorization |
|---|
| Descrição | Proof of Concept (POC):
A user with low privileges authenticates to the JeecgBoot application.
The attacker makes a GET request to the /sys/role/exportXls endpoint. This endpoint can be called without any parameters to export all system roles. |
|---|
| Fonte | ⚠️ https://www.cnblogs.com/aibot/p/19063353 |
|---|
| Utilizador | lucasg2g (UID 84737) |
|---|
| Submissão | 12/09/2025 10h42 (há 7 meses) |
|---|
| Moderação | 25/09/2025 16h21 (13 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 325850 [JeecgBoot até 3.8.2 /sys/role/exportXls Elevação de Privilégios] |
|---|
| Pontos | 16 |
|---|