| Title | 201206030 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorization |
|---|
| Description | CVE-3: SessionController Leaks Online Session Info
- Location:
- file: novel-system/src/main/java/com/java2nb/system/controller/SessionController.java
- Endpoint:
- GET /list
- Method: public List list()
- CWE: CWE-306
- Risk: Allows Unauthorized users to view online user sessions
- PoC: curl http://target-ip:port/list |
|---|
| Source | ⚠️ https://www.cnblogs.com/aibot/p/18827501 |
|---|
| User | Anonymous User |
|---|
| Submission | 04/15/2025 15:03 (1 Year ago) |
|---|
| Moderation | 04/27/2025 19:53 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 306368 [20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SessionController.java list missing authentication] |
|---|
| Points | 19 |
|---|