| Title | elunez eladmin latest broken function level authorisation |
|---|
| Description | Unauthorized Log Viewing:
Any authenticated user can view the details of any error log, even those generated by other users.
The queryErrorLogDetail method in SysLogController does not perform any ownership check on the log ID.
Request:
GET /api/logs/error/1 HTTP/1.1 |
|---|
| Source | ⚠️ https://www.cnblogs.com/aibot/p/19063331 |
|---|
| User | Anonymous User |
|---|
| Submission | 08/30/2025 16:23 (10 months ago) |
|---|
| Moderation | 09/07/2025 20:35 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 323040 [elunez eladmin up to 2.7 SysLogController /api/logs/error/1 queryErrorLogDetail improper authorization] |
|---|
| Points | 17 |
|---|