Improper Authorization In /adminGetUserList
[Suggested description]
blog-ssm v1.0 was found to contain an unauthorized access vulnerability through the component /adminGetUserList. This vulnerability allows an attacker to obtain sensitive user information by bypassing permission checks.
[Vulnerability Type]
Improper Authorization of Index Containing Sensitive Information
[Vendor of Product]
https://github.com/rawchen/blog-ssm
[Affected Product Code Base]
1.0
[Affected Component]
blog-ssm 1.0
OS: Windows/Linux/macOS
Browser: Chrome, Firefox, Safari
[Attack Vector]
Step 1: After a code audit, it was found that /adminGetUserList had unauthorized access and exported sensitive user information, such as account names and passwords.
Step 2: Register an account, username: text123, password: 123456.
Step 3: Log in to the account you just registered and access /adminGetUserList to obtain sensitive information such as passwords.
[Attack Type]
Remote
[Impact Code execution]
False
[Reference(s)]
https://cwe.mitre.org/data/definitions/285.html
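The root cause described above is that an admin-only handler is reachable by any logged-in user. An added example of the missing server-side check (illustrative code, not blog-ssm's own; the session attribute name `adminUser` and the `/admin*` URL convention are assumptions) is a Spring MVC interceptor that enforces the admin role, not merely a valid session, before any `/admin*` handler runs:

```java
// Added example, not part of blog-ssm: a Spring MVC interceptor that rejects
// requests to /admin* handlers unless the session marks the user as an admin.
// The attribute name "adminUser" is assumed; adapt it to the real login code.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

public class AdminAuthInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse resp,
                             Object handler) throws Exception {
        // getSession(false) never creates a session for an anonymous caller.
        HttpSession session = req.getSession(false);
        Object admin = (session == null) ? null : session.getAttribute("adminUser");
        // A plain registered user (Step 2/3 above) has a session but no admin
        // flag, so the role check, not the login check, is what closes the hole.
        if (admin == null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false; // handler such as /adminGetUserList is never invoked
        }
        return true;
    }
}

@Configuration
class AdminAuthConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Covers /adminGetUserList and any other admin endpoint by path prefix.
        registry.addInterceptor(new AdminAuthInterceptor())
                .addPathPatterns("/admin*", "/admin/**");
    }
}
```

Independently of the role check, the user-list response should not serialize password fields at all, so a future authorization mistake exposes less.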