From the provided screenshots, we can extract the following key information about the vulnerability:

Summary & Impact:
- The notice create/update/delete/batch delete endpoints lack authorization checks. Any logged-in user can publish or remove system notices, which can be abused to spread misinformation, hide critical announcements, or disrupt internal communication.

Affected Code:
The code snippets for the following endpoints are affected:
- at line 76
- at line 95
- at line 111
- at line 127

PoC:
1. Log in as a low-privileged user.
2. Send a request to delete a notice (id is the notice id).
3. The response reports success. Then log in as super admin to check the result and find menu(id=20) deleted.

Summary:
The repository has a security vulnerability in which any logged-in user can perform actions on notices (create, update, delete, batch delete) without proper authorization checks. This could lead to the spread of misinformation, the hiding of critical announcements, or the disruption of internal communication. The PoC demonstrates how a low-privileged user can send a request to delete a notice; the deletion is confirmed when a super admin checks the system.
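The missing control, sketched as an added example that is not code from the affected repository: each of the four notice write operations checks a per-action permission after authentication, denies by default, and records rejected attempts for review. The role names, permission strings, `NoticeService` class and sample notices are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical role-to-permission map; the affected project's real roles are not on the page.
ROLE_PERMISSIONS = {
    "super_admin": {"notice:create", "notice:update",
                    "notice:delete", "notice:batch_delete"},
    "user": set(),  # low-privileged: may read notices, never write them
}

class Forbidden(Exception):
    """Raised when an authenticated user lacks the required permission."""

@dataclass(frozen=True)
class User:
    name: str
    role: str

class NoticeService:
    def __init__(self, notices):
        self.notices = dict(notices)  # id -> title (constructed sample data)
        self.denied = []              # audit trail of rejected write attempts

    def _authorize(self, user, permission, ids):
        # Deny by default: an unknown role maps to an empty permission set.
        if permission not in ROLE_PERMISSIONS.get(user.role, set()):
            self.denied.append((user.name, permission, tuple(ids)))
            raise Forbidden(f"{user.name} lacks {permission}")

    def create(self, user, notice_id, title):
        self._authorize(user, "notice:create", [notice_id])
        self.notices[notice_id] = title

    def update(self, user, notice_id, title):
        self._authorize(user, "notice:update", [notice_id])
        if notice_id not in self.notices:
            raise KeyError(notice_id)
        self.notices[notice_id] = title

    def delete(self, user, notice_id):
        self._authorize(user, "notice:delete", [notice_id])
        self.notices.pop(notice_id, None)

    def batch_delete(self, user, notice_ids):
        # Checked separately so a single-delete grant does not imply bulk removal.
        self._authorize(user, "notice:batch_delete", notice_ids)
        for nid in notice_ids:
            self.notices.pop(nid, None)
```

A regression test for the fix should call all four operations as a low-privileged user and assert that each is rejected and that the stored notices are unchanged.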