提交 #676283: TIME-SEA-PLUS <=2.4 Improper Control of Resource Identifiers信息

标题TIME-SEA-PLUS <=2.4 Improper Control of Resource Identifiers
描述In TIME-SEA-PLUS (https://github.com/dulaiduwang003/TIME-SEA-chatgpt), the endpoint POST /pay/alipay/status/{orderId} lacks proper resource ownership validation, allowing unauthorized access to other users’ order information.
来源⚠️ https://github.com/Hwwg/cve/issues/3
用户
 huangweigang (UID 88993)
提交2025-10-15 13時53分 (6 月前)
管理2025-10-26 18時03分 (11 days later)
状态已接受
VulDB条目329976 [dulaiduwang003 TIME-SEA-PLUS 直到 fb299162f18498dd9cf17da906886d80a077d53b Order Status PayController.java alipayIsSucceed 权限提升]
积分17

上一步一览下一步

Want to know what is going to be exploited?

We predict KEV entries!