| Название | jeecgboot JeecgBoot 3.8.2 broken function level authorization |
|---|
| Описание | Proof of Concept (POC):
A low-privileged user authenticates to the JeecgBoot application.
The attacker, through other means (e.g., another vulnerability, inside information), obtains the IDs of one or more tenants they wish to delete.
The attacker crafts a DELETE request to the /sys/tenant/deleteBatch endpoint, including the ids of the target tenants as a query parameter. |
|---|
| Источник | ⚠️ https://www.cnblogs.com/aibot/p/19063351 |
|---|
| Пользователь | lucasg2g (UID 84737) |
|---|
| Представление | 12.09.2025 10:40 (8 месяцы назад) |
|---|
| Модерация | 25.09.2025 16:21 (13 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 325848 [JeecgBoot до 3.8.2 /sys/tenant/deleteBatch ids эскалация привилегий] |
|---|
| Баллы | 19 |
|---|