dts-shop Incorrect Access Control Vulnerability Allowing Authentication Bypass

Vulnerability

dts-shop version 0.0.1-SNAPSHOT enforces access control incorrectly on APIs that are meant to require authentication. A request to the '/admin/auth/index' API whose path carries a path traversal sequence is not treated as a protected request, so it is served without any authentication.

Impact

An attacker without credentials can reach administrative APIs that are supposed to require an authenticated session. The advisory does not state which operations those endpoints expose, so the practical impact depends on what the admin side of the application allows.

Reproduction

Send a request to the '/admin/auth/index' API without any session or credentials and include a path traversal sequence in the request path. Compare it with a plain request to the same API: the plain request should be rejected for lack of authentication, while the traversal form is accepted and the API responds as if the caller were authenticated. The advisory does not give the exact sequence used.
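To make the failure mode concrete, the following Python model is added here; it is not dts-shop's code and the route names, URL layout and handler names are assumptions. It shows the general pattern behind this class of bypass: an authentication check that matches URL patterns against the raw request path while the router dispatches on the normalized path, and the corrected check that normalizes first.

```python
"""Constructed model of a path-normalization mismatch between an
authentication check and a request router.  Not dts-shop's code; the
routes, prefix and handler names below are assumptions for illustration."""
import posixpath
from urllib.parse import unquote

# Hypothetical routes: everything under /admin/ is supposed to need a session.
ROUTES = {
    "/admin/auth/index": "admin_index",   # protected
    "/wx/home/index": "shop_home",        # public
}
PROTECTED_PREFIX = "/admin/"


def canonical_path(raw_path: str) -> str:
    """Percent-decode, then collapse '.' and '..' segments, the way a
    typical dispatcher resolves a request path before routing.  On an
    absolute path normpath also discards a leading '..' segment."""
    return posixpath.normpath(unquote(raw_path))


def route(raw_path: str):
    """Dispatch on the canonical path; None when no handler matches."""
    return ROUTES.get(canonical_path(raw_path))


def vulnerable_requires_auth(raw_path: str) -> bool:
    """Weak check: prefix match on the raw, un-normalized path.
    '/wx/../admin/auth/index' does not start with '/admin/', so it is
    treated as public even though the router resolves it to the admin handler."""
    return raw_path.startswith(PROTECTED_PREFIX)


def hardened_requires_auth(raw_path: str) -> bool:
    """Fixed check: match against the same canonical form the router uses,
    so traversal and percent-encoding cannot make the two disagree."""
    return canonical_path(raw_path).startswith(PROTECTED_PREFIX)


def handle(raw_path: str, authenticated: bool, check) -> str:
    """Outcome of a request under the given auth check:
    '401' when auth is required and missing, the handler name, or '404'."""
    if check(raw_path) and not authenticated:
        return "401"
    handler = route(raw_path)
    return handler if handler else "404"


if __name__ == "__main__":
    bypass = "/wx/../admin/auth/index"   # constructed traversal form
    print("vulnerable:", handle(bypass, False, vulnerable_requires_auth))
    print("hardened:  ", handle(bypass, False, hardened_requires_auth))
```

A stricter variant rejects outright any request whose canonical path differs from the raw path, since a legitimate client has no reason to send traversal segments or encoded dots in a path; the essential fix, however, is that the authorization decision and the routing decision must be made on the same canonical form of the path.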

Added: Aug 20, 2025, 8:17 PM
Updated: Aug 20, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          5.0
exploitability  8.7
remediation     0.0
relevance       0.4
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.