[2 security issues] jeecg-boot <= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email, phone and enumerates usernames that exist in the system
#2794
Version:
<=2.4.5
Problem description:
1. Leaks sensitive information, API URI: /sys/user/querySysUser?username=admin
Leaks sensitive information such as phone, etc.
2. Enumerate usernames, API URI: /sys/user/checkOnlyUser?username=admin
Through enumeration, it is found that there are 2 accounts, admin and user1, in the system.
Screenshots & code:
version:2.4.5




Friendly reminder: posts that do not follow the required format will be deleted directly.
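For operators checking whether the two endpoints in this report have been probed, the following is an added detection example, not code from the issue or from the jeecg-boot project. It assumes a common/combined-format access log, an arbitrary `/jeecg-boot` context path, and a hypothetical threshold of 3 distinct usernames per client; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# The two endpoints named in the report.
WATCHED = ("/sys/user/checkOnlyUser", "/sys/user/querySysUser")

# Assumed format: client IP first, then a quoted request line (common/combined log).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def usernames_by_client(lines):
    """Map client IP -> endpoint -> set of distinct username values requested."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m.group("target"))
        # endswith() tolerates whatever context path the deployment uses.
        endpoint = next((w for w in WATCHED if parts.path.endswith(w)), None)
        if endpoint is None:
            continue
        for name in parse_qs(parts.query).get("username", []):
            seen[m.group("ip")][endpoint].add(name)
    return seen

def flag_enumeration(lines, threshold=3):
    """Return sorted (ip, endpoint, count) where distinct usernames >= threshold."""
    hits = []
    for ip, endpoints in usernames_by_client(lines).items():
        for endpoint, names in endpoints.items():
            if len(names) >= threshold:
                hits.append((ip, endpoint, len(names)))
    return sorted(hits)

# Constructed sample lines (documentation IP ranges), not taken from the issue.
REQ = '{ip} - - [01/Jan/2021:10:00:0{n} +0000] "GET /jeecg-boot{path}?username={u} HTTP/1.1" 200 88'
SAMPLE_LOG = [
    REQ.format(ip="203.0.113.7", n=i, path=WATCHED[0], u=u)
    for i, u in enumerate(["admin", "user1", "test", "root", "admin"])
] + [
    REQ.format(ip="203.0.113.7", n=6, path=WATCHED[1], u="admin"),
    REQ.format(ip="198.51.100.20", n=7, path=WATCHED[0], u="newuser"),
    '198.51.100.20 - - [01/Jan/2021:10:00:08 +0000] "POST /jeecg-boot/sys/login HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, endpoint, count in flag_enumeration(SAMPLE_LOG):
        print(f"{ip} requested {count} distinct usernames via {endpoint}")
```

A single availability check from a client stays below the threshold; repeated lookups of the same name are counted once.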