Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
youlai-boot 安全漏洞
Vulnerability Description
youlai-boot是中国youlaiorg开源的一个权限管理系统。 youlai-boot V2.21.1版本存在安全漏洞,该漏洞源于SysUserController.java中的importUsers函数未对当前用户身份进行权限检查,可能导致普通用户将用户数据导入数据库,导致授权绕过漏洞。
CVSS Information
N/A
Vulnerability Type
N/A