| Title | https://gitee.com/xujiangfei/admintwo admintwo 1.0 Horizontal privilege escalation vulnerability |
|---|---|
| Description | The /user/updateSet interface of Admintwo version 1.0 has a horizontal privilege escalation vulnerability. Attackers can illegally modify the account information of other users by modifying the email parameter. The system does not verify the requester's authority or the ownership relationship of the target account. |
| Source | https://github.com/caigo8/CVE-md/blob/main/admintwo/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md |
| User | Caigo (UID 81287) |
| Submission | 04/02/2025 05:21 (1 Year ago) |
| Moderation | 04/04/2025 09:35 (2 days later) |
| Status | Accepted |
| VulDB entry | 303326 [xujiangfei admintwo 1.0 /user/updateSet email access control] |
| Points | 18 |