Fuyang Lipengjun Platform Improper Authorization Vulnerability in BrandController
Vulnerability
A vulnerability exists in Fuyang Lipengjun Platform version 1.0, specifically in the queryAll function of BrandController. The function performs no authorization check beyond requiring a login, so any authenticated user can retrieve brand information that should be restricted to administrators. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability leads to unauthorized access to sensitive brand information, which could be misused for competitive advantage or to undermine the integrity of the platform's data management.
Reproduction
To reproduce this vulnerability, log into the application with any user account, including a low-privileged one. Then send a GET request to the /brand/queryAll endpoint. The server responds with the complete list of brand information, which should be accessible only to users with administrative rights.
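The pattern behind the advisory, as an added example that is not the Fuyang Lipengjun Platform's own code: a Spring MVC controller whose only gate is "the caller is logged in", beside a hardened version that enforces the administrator role on the method itself. It assumes Spring Boot with Spring Security; Brand and BrandService are hypothetical stand-ins, and the platform's real framework and source are not shown on this page.

```java
import java.util.List;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

record Brand(long id, String name) {}                     // hypothetical entity

interface BrandService { List<Brand> queryAll(); }        // hypothetical service

// VULNERABLE PATTERN: the only gate is "is the caller logged in?". Any
// authenticated account that sends GET /brand/queryAll gets the full list.
@RestController
@RequestMapping("/brand")
class VulnerableBrandController {
    private final BrandService brandService;
    VulnerableBrandController(BrandService s) { this.brandService = s; }

    @GetMapping("/queryAll")
    public List<Brand> queryAll() {
        return brandService.queryAll();   // no role or permission check at all
    }
}

// HARDENED PATTERN: the method itself requires the ADMIN role, so the check
// holds no matter which client or UI reaches the endpoint. Non-admins get 403.
@Configuration
@EnableMethodSecurity                     // turns on @PreAuthorize evaluation
class MethodSecurityConfig {}

@RestController
@RequestMapping("/brand")
class HardenedBrandController {
    private final BrandService brandService;
    HardenedBrandController(BrandService s) { this.brandService = s; }

    @GetMapping("/queryAll")
    @PreAuthorize("hasRole('ADMIN')")     // caller needs authority ROLE_ADMIN
    public List<Brand> queryAll() {
        return brandService.queryAll();
    }
}
```

The two controllers share a mapping and are shown side by side only for comparison; a deployment keeps the hardened one. A regression test with spring-security-test's MockMvc, performing `get("/brand/queryAll").with(user("u").roles("USER"))` and expecting `status().isForbidden()`, is the check that keeps the fix from silently regressing.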
