提交 #618985: Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment信息

标题Gitee 蛋糕商城JPA版 1.0 Incorrect Privilege Assignment
描述蛋糕商城JPA版 is vulnerable to Privilege Escalation vulnerability. The system uses Apache Shiro for permission management but fails to enforce access control on critical APIs, resulting in authorization bypass. A regular user, while authenticated, can access certain backend management functionalities that should be restricted, such as operations on product data and order information. This improper access control ultimately leads to a privilege escalation vulnerability.
来源⚠️ https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md
用户
 HJAQiang (UID 86075)
提交2025-07-19 16時09分 (12 月前)
管理2025-07-21 09時14分 (2 days later)
状态已接受
VulDB条目317075 [jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 GoodsController.java updateGoods 权限提升]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!