sz-boot-parent sz-boot-parent <= v1.3.2-beta IDORИнформация

Название	feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta IDOR
Описание	The API endpoint /api/admin/sys-message/{messageId} contains a critical security flaw that permits unauthorized malicious enumeration of the dynamic messageId path parameter, enabling any unauthenticated or low-privilege user to iterate through sequential or predictable messageId values and improperly access, view, and retrieve the private and sensitive message content belonging to other legitimate users within the system without any proper access control or authorization validation in place.
Источник	⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-IDOR_Message_ID_Enumeration.md
Пользователь	yuccun (UID 93614)
Представление	07.02.2026 19:48 (3 месяцы назад)
Модерация	25.02.2026 09:32 (18 days later)
Статус	принято
Запись VulDB	347743 [feiyuchuixue sz-boot-parent до 1.3.2-beta API Endpoint /api/admin/sys-message/ messageId эскалация привилегий]
Баллы	20

Interested in the pricing of exploits?

See the underground prices here!