Submit #50577: 华夏ERP 越权访问漏洞info

Title	华夏ERP 越权访问漏洞
Description	华夏ERP默认集成了用户、权限、菜单、路由、分类、标签、日志、字段、表单、表格、上传、API等基本功能模块。华夏ERP是为了WEB应用敏捷开发和简化企业应用开发而诞生的、框架、模块、插件、模板均可独立升级和扩展。华夏ERP后台在零售管理—零售出货中可通过访问绝对路径，获取系统信息。可通过未登录的浏览器访问漏洞路径获取系统信息。漏洞地址：http://ip:8080/index.html#/pages/bill/retail_out_list.html 代码下载地址：https://gitee.com/jishenghua/JSH_ERP
Source	⚠️ https://github.com/Ha0Liu/cveAdd/blob/developer/README.EN.yuequan.md
User	ha0l (UID 35011)
Submission	11/02/2022 09:41 (4 years ago)
Moderation	11/02/2022 10:06 (25 minutes later)
Status	Accepted
VulDB entry	212793 [Huaxia ERP Retail Management /depotHead/list Search information disclosure]
Points	20

Do you need the next level of professionalism?

Upgrade your account now!