PT-2023-26717 · Jeesite · Jeesite
Yanzhou-Felicity
·
Publicado
2023-07-28
·
Atualizado
2023-08-03
·
CVE-2023-38988
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
jeesite version 1.2.6
Description
An issue in the delete function in the OaNotifyController class allows authenticated attackers to arbitrarily delete notifications created by Administrators.
Recommendations
For jeesite version 1.2.6, consider disabling the delete function in the OaNotifyController class until a patch is available. Restrict access to the OaNotifyController class to minimize the risk of exploitation. Avoid using the delete function for notifications created by Administrators until the issue is resolved.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Jeesite