提交 #643392: elunez eladmin latest broken function level authorization信息

标题elunez eladmin latest broken function level authorization
描述Arbitrary File Deletion: A low-privileged user with storage:del permission can delete files belonging to other users. The deleteFile method in LocalStorageController only checks for the storage:del permission but does not verify if the user is the owner of the file being deleted. Request: DELETE /api/localStorage HTTP/1.1 Host: <host>
来源⚠️ https://www.cnblogs.com/aibot/p/19063329
用户
 Anonymous User
提交2025-08-28 17時37分 (8 月前)
管理2025-09-03 13時40分 (6 days later)
状态已接受
VulDB条目322339 [elunez eladmin 1.1 LocalStorageController deleteFile 权限提升]
积分19

上一步一览下一步

Might our Artificial Intelligence support you?

Check our Alexa App!