Submeter #745509: yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controlsinformação

Títuloyeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls
DescriçãoUser CRUD endpoints do not enforce role/permission checks. Any logged-in user can create new accounts, modify existing users, or delete users. This enables account takeover, creation of backdoor accounts, and denial of service by removing legitimate users.
Fonte⚠️ https://github.com/yeqifu/warehouse/issues/53
Utilizador
 AliceS614 (UID 94277)
Submissão23/01/2026 10h44 (há 5 meses)
Moderação06/02/2026 08h57 (14 days later)
EstadoAceite
Entrada VulDB344642 [yeqifu warehouse até aaf29962ba407d22d991781de28796ee7b4670e4 User Management Endpoint UserController.java addUser/updateUser/deleteUser Elevação de Privilégios]
Pontos17

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!