Dreamer CMS overreach loophole #9

Closed
laoquanshi opened this issue Mar 9, 2023 · 1 comment

Comments

@laoquanshi

Hello, I'm Li Jiakun, a security researcher.
Affected version: 4.0.0
Any user can access the port without verifying the current user information.
Background applications do not control permissions, or only control permissions on menus and buttons. As a result, malicious users can access or control data or pages owned by other roles by guessing the URLs or sensitive parameter information of other management pages, achieving the purpose of enhancing permissions.
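
As an added example (not part of the original report and not Dreamer CMS code), the sketch below contrasts permission control that exists only in the menu with a check enforced on every request. The routes, roles, permission names and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed role -> permission mapping (hypothetical names).
ROLE_PERMS = {
    "admin": {"user:manage", "article:edit"},
    "editor": {"article:edit"},
}

@dataclass(frozen=True)
class Route:
    permission: Optional[str]      # None means no permission was declared
    handler: Callable[[], str]

# Constructed management routes.
ROUTES = {
    "/admin/articles": Route("article:edit", lambda: "article list"),
    "/admin/users": Route("user:manage", lambda: "user list"),
    "/admin/backup": Route(None, lambda: "backup archive"),
}

def visible_menu(role):
    """UI-side filtering: hides links but does not protect the URLs."""
    perms = ROLE_PERMS.get(role, set())
    return sorted(p for p, r in ROUTES.items() if r.permission in perms)

def dispatch_ui_only(role, path):
    """Flawed pattern from the report: the handler runs for any caller."""
    route = ROUTES.get(path)
    if route is None:
        return 404, "not found"
    return 200, route.handler()

def dispatch_enforced(role, path):
    """Server-side check on every request, deny by default."""
    route = ROUTES.get(path)
    if route is None:
        return 404, "not found"
    if role is None:
        return 401, "login required"
    # A route with no declared permission is refused, not left open.
    allowed = ROLE_PERMS.get(role, set())
    if route.permission is None or route.permission not in allowed:
        return 403, "forbidden"
    return 200, route.handler()
```

The same request that the menu hides from an editor succeeds under `dispatch_ui_only` and is refused under `dispatch_enforced`, which is the gap the report describes.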

@iteachyou-wjn
Owner

completed
