Mingyuefusu Tushuguanlixitong Backend Broken Access Control Vulnerability
Vulnerability
A critical broken access control vulnerability has been identified in the Mingyuefusu Tushuguanlixitong (图书管理系统, "library management system") application, in versions prior to commit d4836f6b49cd0ac79a4021b15ce99ff7229d4694. The vulnerability resides in the Backend component, specifically in the doFilter function of the /admin/ directory. It allows unauthorized users to access any interface in the system administrator's backend, bypassing authentication altogether.
Impact
Exploitation of this vulnerability could lead to unauthorized access to administrative interfaces, allowing for potential manipulation of backend data and settings.
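For comparison, a deny-by-default servlet filter for the /admin/ path, added here as an illustration; it is not the project's code, and the page does not show the flawed doFilter, so this is not a reconstruction of it. It assumes the javax.servlet API; the session attribute name "admin", the login page /adminLogin.html and the class name AdminAuthFilter are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example. Assumptions (hypothetical names): session attribute "admin" is set
// only after a successful administrator login; /adminLogin.html lies outside /admin/.
// FORWARD is included so an internal forward into /admin/ is checked as well.
@WebFilter(urlPatterns = "/admin/*",
           dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.FORWARD})
public class AdminAuthFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        Object admin = (session == null) ? null : session.getAttribute("admin");

        if (admin == null) {
            // Deny by default: API-style callers get 401, browsers get the login page.
            if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            } else {
                response.sendRedirect(request.getContextPath() + "/adminLogin.html");
            }
            // Stop here; falling through to chain.doFilter() would still
            // hand the request to the admin servlet.
            return;
        }

        // Authenticated administrator: keep backend responses out of shared caches.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

The check is a single condition with no path or extension exceptions, so every interface under /admin/ is covered by the same rule.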
