Funadmin Information Disclosure Vulnerability in Login Component

Vulnerability

An information disclosure vulnerability has been identified in Funadmin versions through 7.1.0-rc4. The issue lies in the login component, specifically in the 'forget.html' file. When the 'forget_uid' and 'forget_code' cookies are present, the application calls the 'getMember' function with the 'forget_uid' value to retrieve user information. Because 'forget_uid' is read directly from a client-supplied cookie, it is fully under the user's control, so a request can retrieve other users' information; this constitutes a horizontal privilege escalation vulnerability. The issue can be exploited remotely, without any authentication.

Impact

Exploitation of this vulnerability leads to unauthorized access to user information, allowing for horizontal privilege escalation.

Reproduction

To reproduce this vulnerability, set the 'forget_uid' and 'forget_code' cookies in the browser. When these cookies are present, the application calls the 'getMember' method with the 'forget_uid' value and retrieves the associated username. By changing the 'forget_uid' value, other users' information can be accessed.
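The flaw described above, as an added example that is not Funadmin's code: a hypothetical Python model of the 'forget.html' handler, showing the cookie-trusting lookup next to a hardened version that resolves the user id from a server-side record of the reset code instead of from the client. The member store, 'issue_reset_code', the cookie dictionary and all sample values are constructed for the example.

```python
import hmac
import secrets
import time

# Constructed in-memory stand-ins for the application's database and the
# 'getMember' lookup the advisory describes (hypothetical, not Funadmin's code).
MEMBERS = {1: {"username": "alice"}, 2: {"username": "bob"}}
RESET_CODES = {}   # code -> (uid, expiry); populated when a reset is requested
CODE_TTL = 900     # seconds a reset code stays valid (assumed value)


def get_member(uid):
    return MEMBERS.get(uid)


def forget_page_vulnerable(cookies):
    """Vulnerable pattern: the uid comes straight from the client cookie and
    drives the lookup, so any uid the client chooses is looked up."""
    uid, code = cookies.get("forget_uid"), cookies.get("forget_code")
    if uid is None or code is None or not str(uid).isdigit():
        return None
    member = get_member(int(uid))
    return member["username"] if member else None


def issue_reset_code(uid, ttl=CODE_TTL):
    """Issue a random reset code bound server-side to exactly one uid."""
    code = secrets.token_urlsafe(32)
    RESET_CODES[code] = (uid, time.time() + ttl)
    return code


def forget_page_fixed(cookies):
    """Hardened pattern: the uid is taken from the server-side record of the
    presented code; the cookie uid is only cross-checked, never trusted."""
    uid, code = cookies.get("forget_uid"), cookies.get("forget_code")
    if uid is None or code is None:
        return None
    record = None
    # Constant-time comparison over stored codes avoids timing side channels.
    for stored_code, stored_record in RESET_CODES.items():
        if hmac.compare_digest(stored_code.encode(), str(code).encode()):
            record = stored_record
    if record is None or record[1] < time.time() or str(record[0]) != str(uid):
        return None
    member = get_member(record[0])
    return member["username"] if member else None
```

Only the code-to-uid binding stored on the server decides whose record is returned; a mismatched or unknown cookie uid yields nothing.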

Added: Feb 21, 2026, 11:18 PM
Updated: Feb 21, 2026, 11:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.