| 标题 | feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta IDOR |
|---|
| 描述 | The API endpoint /api/admin/sys-message/{messageId} contains a critical security flaw that permits unauthorized malicious enumeration of the dynamic messageId path parameter, enabling any unauthenticated or low-privilege user to iterate through sequential or predictable messageId values and improperly access, view, and retrieve the private and sensitive message content belonging to other legitimate users within the system without any proper access control or authorization validation in place. |
|---|
| 来源 | ⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-IDOR_Message_ID_Enumeration.md |
|---|
| 用户 | yuccun (UID 93614) |
|---|
| 提交 | 2026-02-07 19時48分 (3 月前) |
|---|
| 管理 | 2026-02-25 09時32分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 347743 [feiyuchuixue sz-boot-parent 直到 1.3.2-beta API Endpoint /api/admin/sys-message/ messageId 权限提升] |
|---|
| 积分 | 20 |
|---|