yeqifu warehouse Vertical Privilege Escalation Vulnerability
Vulnerability
A vertical privilege escalation vulnerability exists in yeqifu warehouse versions up to commit aaf29962ba407d22d991781de28796ee7b4670e4. The vulnerable code is in UserController.java, in the saveUserRole handler, which persists the user-to-role assignment supplied in the request without verifying that the requesting account is authorized to manage roles. Because the server never checks the caller's own privileges, an ordinary authenticated user can assign the administrator role to their own account. The endpoint is reachable remotely, and a public proof-of-concept exploit is available.
Impact
A user who exploits this flaw obtains full administrative privileges and can then read and modify all system settings and data with administrator rights.
Reproduction
To reproduce this vulnerability, log in as a regular user and, within that authenticated session, send a POST request to the /user/saveUserRole endpoint. Set the uid parameter to the attacker's own user id and the ids parameter to the id of the role to grant, for example the system administrator role. The numeric id of that role is specific to the instance's role table and is not given here. After the request the account carries the administrator role; a server that is not affected rejects the request because the caller is not an administrator.
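As an added illustration (not code from the yeqifu warehouse repository, whose actual controller is not reproduced here), the following Spring MVC controller shows the vulnerable handler shape described above next to a hardened one. The class and method names (User, Result, UserService), the "user" session attribute, the "admin" role name, and the comma-separated format of the ids parameter are assumptions chosen for this example.

```java
package example;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

// Minimal collaborators, all assumptions for this example: the real project
// has its own user/role model and persistence layer.
class User {
    private final Integer id;
    User(Integer id) { this.id = id; }
    Integer getId() { return id; }
}

class Result {
    final int code;
    final String msg;
    private Result(int code, String msg) { this.code = code; this.msg = msg; }
    static Result ok() { return new Result(200, "ok"); }
    static Result fail(int code, String msg) { return new Result(code, msg); }
}

interface UserService {
    boolean hasRole(Integer userId, String roleName);
    boolean allRolesExist(List<Integer> roleIds);
    void replaceUserRoles(Integer userId, List<Integer> roleIds);
}

@Controller
@RequestMapping("/user")
public class UserRoleController {
    private static final String ADMIN_ROLE = "admin";    // assumed role name
    private static final String SESSION_USER = "user";   // assumed session key
    private final UserService userService;

    public UserRoleController(UserService userService) { this.userService = userService; }

    // VULNERABLE shape. Nothing checks who is calling: every authenticated user
    // can POST uid=<own id>&ids=<admin role id> and become an administrator.
    @PostMapping("/saveUserRoleVulnerable")
    @ResponseBody
    public Result saveUserRoleVulnerable(@RequestParam Integer uid,
                                         @RequestParam String ids) {
        userService.replaceUserRoles(uid, parseIds(ids));
        return Result.ok();
    }

    // HARDENED shape. The decision is made on the caller's identity taken from
    // the server-side session, never on request parameters the caller controls.
    @PostMapping("/saveUserRole")
    @ResponseBody
    public Result saveUserRole(@RequestParam Integer uid,
                               @RequestParam String ids,
                               HttpSession session) {
        User caller = (User) session.getAttribute(SESSION_USER);
        if (caller == null) {
            return Result.fail(401, "not logged in");
        }
        // Only administrators may change role assignments. Hiding the menu
        // entry in the UI is not a control; this server-side check is.
        if (!userService.hasRole(caller.getId(), ADMIN_ROLE)) {
            return Result.fail(403, "forbidden");
        }
        // Defence in depth: no account may edit its own roles through this
        // endpoint, so a compromised admin session cannot quietly widen itself.
        if (caller.getId().equals(uid)) {
            return Result.fail(403, "cannot modify own roles");
        }
        List<Integer> roleIds;
        try {
            roleIds = parseIds(ids);
        } catch (NumberFormatException e) {
            return Result.fail(400, "malformed role id list");
        }
        // Reject unknown role ids up front instead of letting the persistence
        // layer decide what happens with a dangling reference.
        if (roleIds.isEmpty() || !userService.allRolesExist(roleIds)) {
            return Result.fail(400, "unknown role id");
        }
        userService.replaceUserRoles(uid, roleIds);
        return Result.ok();
    }

    // Assumed format: ids is a comma-separated list such as "1,3"; blank
    // entries are ignored, non-numeric entries raise NumberFormatException.
    private static List<Integer> parseIds(String ids) {
        List<Integer> out = new ArrayList<>();
        for (String part : ids.split(",")) {
            String s = part.trim();
            if (!s.isEmpty()) {
                out.add(Integer.valueOf(s));
            }
        }
        return out;
    }
}
```

The fix lives entirely in the caller check: uid and ids are attacker-controlled and can never be the basis of an authorization decision. When reviewing a project for this bug class, look for every handler that writes a privilege-bearing field (role, permission, group) and confirm the check is on the session principal, not on the form data, and that it is enforced on the server rather than only by hiding a menu item.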
