Weitong Mall Product History Handler Access Control Vulnerability

A critical vulnerability has been identified in Weitong Mall version 1.0.0, specifically within the Product History Handler component. The issue arises in the /historyList file, where improper access controls allow unauthorized users to access deleted product records. This vulnerability can be exploited remotely by manipulating the isDelete parameter to retrieve sensitive data that should be restricted to admin users.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive deleted product information, allowing for potential misuse of internal data.

Reproduction

The vulnerability can be reproduced by sending a GET request to the /api/goods/historyList endpoint with the isDelete parameter set to 1. This request can be made without authentication or elevated privileges, allowing access to deleted product records that should be restricted.

Remediation

It is recommended to implement role-based access controls to ensure that only authorized users can access deleted product data. Validating a user's role before allowing the isDelete=1 filter can help mitigate this vulnerability.