sz-boot-parent sz-boot-parent <= v1.3.2-beta IDORinformação

Título	feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta IDOR
Descrição	The API endpoint /api/admin/sys-message/{messageId} contains a critical security flaw that permits unauthorized malicious enumeration of the dynamic messageId path parameter, enabling any unauthenticated or low-privilege user to iterate through sequential or predictable messageId values and improperly access, view, and retrieve the private and sensitive message content belonging to other legitimate users within the system without any proper access control or authorization validation in place.
Fonte	⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-IDOR_Message_ID_Enumeration.md
Utilizador	yuccun (UID 93614)
Submissão	07/02/2026 19h48 (há 3 meses)
Moderação	25/02/2026 09h32 (18 days later)
Estado	Aceite
Entrada VulDB	347743 [feiyuchuixue sz-boot-parent até 1.3.2-beta API Endpoint /api/admin/sys-message/ messageId Elevação de Privilégios]
Pontos	20

Interested in the pricing of exploits?

See the underground prices here!