Fuyang Lipengjun Platform Improper Authorization Vulnerability in TopicCategoryController
Vulnerability
An improper authorization vulnerability has been identified in Fuyang Lipengjun Platform version 1.0. The issue resides in the TopicCategoryController, specifically within the queryAll function. This vulnerability allows authenticated users, regardless of their privilege level, to access data that should be restricted to administrators. The flaw can be exploited remotely, and a proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability leads to unauthorized disclosure of sensitive information: any authenticated user can read data that their role should not permit them to view.
Reproduction
To reproduce this vulnerability, log into the application with any user account, including those with low privileges. Then, send a GET request to the '/topiccategory/queryAll' endpoint. The server will respond with a complete list of topic category information, which is typically only accessible to users with administrative privileges.
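As an added illustration that is not the platform's own code, the following Python sketch models the missing check: a handler that only verifies that the caller is logged in (the behaviour reported above) beside one that also requires the administrator role. The session model, the role names and the topic category rows are constructed for the example.

```python
# Added example (not Fuyang Lipengjun Platform code): a minimal model of the
# authorization gap on /topiccategory/queryAll and its role-enforcing fix.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    role: str  # constructed roles: "admin" or "user"


# Constructed sample rows standing in for the topic category table.
TOPIC_CATEGORIES = [
    {"id": 1, "name": "promotions", "enabled": True},
    {"id": 2, "name": "internal-test", "enabled": False},
]


class Forbidden(Exception):
    """Raised when the caller lacks the role an endpoint requires."""


def query_all_vulnerable(session):
    # Only checks that a session exists, so every authenticated account,
    # whatever its role, receives the complete administrative listing.
    if session is None:
        raise Forbidden("login required")
    return list(TOPIC_CATEGORIES)


def require_role(required):
    """Server-side role check applied before the handler body runs."""
    def decorator(handler):
        def wrapper(session, *args, **kwargs):
            if session is None or session.role != required:
                raise Forbidden(f"{required} role required")
            return handler(session, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def query_all_fixed(session):
    return list(TOPIC_CATEGORIES)


def check_access(handler, session):
    """Return 'allowed' or 'denied' so the two handlers can be compared."""
    try:
        handler(session)
        return "allowed"
    except Forbidden:
        return "denied"
```

A regression test for the real endpoint follows the same shape: a low-privilege session must be denied and an administrator session allowed.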
