| Title | wander-chu SpringBoot-Blog 1.0 permission bypass |
|---|
| Description | src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java The preHandle method in has permission bypass, and POST requests sent can bypass login and modify website content as long as the path does not start with/admin |
|---|
| Source | ⚠️ https://github.com/wander-chu/SpringBoot-Blog/issues/4 |
|---|
| User | LVZC2 (UID 76821) |
|---|
| Submission | 12/28/2024 09:54 (1 Year ago) |
|---|
| Moderation | 01/08/2025 15:51 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 290793 [wander-chu SpringBoot-Blog 1.0 HTTP POST Request BaseInterceptor.java preHandle access control] |
|---|
| Points | 16 |
|---|