| 标题 | 274056675 springboot-openai-chatgpt No version commitID e84f6f5 Business Logic Errors |
|---|
| 描述 | Any user can update the number of questions they are allowed to ask.
## PoC
There is no access limitation for users to charge their question times, which is an essential method owned by administrator, with the API `/api/mjkj-chat/chat/mng/update/questionCou`
For detail, we can access the code. https://github.com/274056675/springboot-openai-chatgpt/blob/e84f6f5394fd9c7bbbfe1118c02f45de52abbdae/chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/MngController.java#L58
|
|---|
| 来源 | ⚠️ https://www.cnblogs.com/aibot/p/18732309 |
|---|
| 用户 | Anonymous User |
|---|
| 提交 | 2025-02-23 09時23分 (1 年前) |
|---|
| 管理 | 2025-03-14 18時08分 (19 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 299752 [274056675 springboot-openai-chatgpt e84f6f5 Number of Question questionCou updateQuestionCou 权限提升] |
|---|
| 积分 | 20 |
|---|