Submit #780589: 勾股开源 gougucms v4.08.18 Business Logic Errorsinfo

Title勾股开源 gougucms v4.08.18 Business Logic Errors
DescriptionVulnerability Name: Mass Assignment. CWE: CWE-915 Link of project: https://gitee.com/gouguopen/gougucms Description: Mass Assignment in GouguCMS v4.08.18 allows an unauthenticated attacker to elevate privileges to VIP users by injecting the level parameter during the user registration process at the /home/login/reg endpoint.
Source⚠️ https://thinhneee.github.io/posts/gougu-mass-assign/
User
 thinhnee (UID 96296)
Submission03/16/2026 03:27 (4 months ago)
Moderation03/31/2026 18:01 (16 days later)
StatusAccepted
VulDB entry354429 [gougucms 4.08.18 User Registration Login.php reg_submit level dynamically-determined object attributes]
Points19

Do you need the next level of professionalism?

Upgrade your account now!