| Field | Value |
|---|---|
| Title | roncoo roncoo-pay latest broken function level authorization |
| Description | Product: roncoo_roncoo_pay<br>URL: /user/info/lookupList<br>Title: Broken Function Level Authorization in UserInfoController<br>PoC: A direct GET request to /user/info/lookupList without proper authentication or authorization allows access to the user lookup functionality. |
| Source | ⚠️ https://www.cnblogs.com/aibot/p/19063472 |
| User | Anonymous User |
| Submission | 09/13/2025 06:22 (7 months ago) |
| Moderation | 09/25/2025 19:52 (13 days later) |
| Status | Accepted |
| VulDB entry | 325919 [roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40 /user/info/lookupList improper authorization] |
| Points | 18 |