Thecosy / IceCMS

🌈冰激凌内容管理系统🍦,实现MacWK资源站,社区图片视频圈子CMS,支持网页端移动端小程序🌟适合做 资讯商城,社区论坛,聊天交友 社区,博客,圈子,论坛,图片,视频,社交。
https://www.icecms.cn
GNU Affero General Public License v3.0
1.62k stars 237 forks source link

[vulnerability security] Vertical Privilege Escalation Vulnerability #28

Open GatekeeperBuster opened 3 months ago

GatekeeperBuster commented 3 months ago

Recently, our team discovered a security vulnerability that has led to an unauthorized access issue in the latest version of the project, which could pose a serious risk of information leakage.

The URL of the vulnerability is http://localhost:port/squareComment/getAllSquare/{page}/{limit} within the method. This means that attackers can use the backend API directly without authentication.

Please note that the URL provided is a placeholder and should be replaced with the actual URL of the vulnerability if you are sharing this information with others. Also, it's important to address such vulnerabilities promptly to mitigate any potential risks. image