Hello, I'm Li Jiakun, a security researcher
Affected version: 4.0.0
Any user can access the port without verifying the current user information
Background applications do not control permissions, or only control permissions on menus and buttons. As a result, malicious users can access or control data or pages owned by other roles by guessing the urls or sensitive parameter information of other management pages, achieving the purpose of enhancing permissions.
The text was updated successfully, but these errors were encountered:
Hello, I'm Li Jiakun, a security researcher

Affected version: 4.0.0
Any user can access the port without verifying the current user information
Background applications do not control permissions, or only control permissions on menus and buttons. As a result, malicious users can access or control data or pages owned by other roles by guessing the urls or sensitive parameter information of other management pages, achieving the purpose of enhancing permissions.
The text was updated successfully, but these errors were encountered: