youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow re
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberC
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.
A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper auth
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/Member
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\co
This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tab
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper au
A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executin
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller
In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.
A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Andr
Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
Page 1+ Next →