Gửi #618985: Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignmentthông tin

tiêu đềGitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment
Mô tả蛋糕商城JPA版 is vulnerable to Privilege Escalation vulnerability. The system uses Apache Shiro for permission management but fails to enforce access control on critical APIs, resulting in authorization bypass. A regular user, while authenticated, can access certain backend management functionalities that should be restricted, such as operations on product data and order information. This improper access control ultimately leads to a privilege escalation vulnerability.
Nguồn⚠️ https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md
Người dùng
 HJAQiang (UID 86075)
Đệ trình19/07/2025 16:09 (cách đây 12 các tháng)
Kiểm duyệt21/07/2025 09:14 (2 days later)
Trạng tháiđược chấp nhận
Mục VulDB317075 [jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 GoodsController.java updateGoods nâng cao đặc quyền]
điểm20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!