CVE-2018-19110
Published
CVSS v3
N/A
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
java轻量级的CMS解决方案-天梯。天梯是一个用java相关技术搭建的后台CMS解决方案,用户可以结合自身业务进行相应扩展,同时提供了针对dao、service等的代码生成工具。技术选型:Spring Data JPA、Hibernate、Shiro、 Spring MVC、Layer、Mysql等。
GitHub