| Title | 延禾信息 fuint Store Membership Marketing System V1.0 Authorization Bypass |
|---|---|
| Description | The application contains a critical flaw in the user authentication logic where the securely generated authentication token is immediately overwritten with the user's mobile phone number. This results in an authentication bypass vulnerability that allows any attacker who knows a user's phone number to gain unauthorized access to that user's account. |
| Source | https://github.com/fushengqian/fuint/issues/67 |
| User | 1098024193 (UID 45260) |
| Submission | 10/21/2025 05:07 (8 months ago) |
| Moderation | 11/02/2025 18:47 (13 days later) |
| Status | Accepted |
| VulDB entry | 330915 [fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032 Authentication Token ClientSignController.java authorization] |
| Points | 18 |