提交 #754431: warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls信息

标题warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls
描述Sales and salesback endpoints do not enforce permissions. Attackers can forge sales or return records, delete legitimate records, and manipulate revenue/stock data, which impacts accounting accuracy and business reporting. These endpoints should enforce role-based access control, validate ownership/workflow state, and log all changes for auditability.
来源⚠️ https://github.com/yeqifu/warehouse/issues/63
用户
 AliceS614 (UID 94277)
提交2026-02-09 05時58分 (5 月前)
管理2026-02-20 10時01分 (11 days later)
状态已接受
VulDB条目347088 [yeqifu warehouse 直到 aaf29962ba407d22d991781de28796ee7b4670e4 Sales Endpoint SalesController.java addSales/updateSales/deleteSales 权限提升]
积分18

Do you need the next level of professionalism?

Upgrade your account now!