PT-2023-26719 · Jeesite · Jeesite

Yanzhou-Felicity

Publicado

2023-08-01

Atualizado

2023-08-05

CVE-2023-38990

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions jeesite version 1.2.6

Description An issue in the delete function in the MenuController class allows authenticated attackers to arbitrarily delete menus created by the Administrator.

Recommendations For jeesite version 1.2.6, consider disabling the delete function in the MenuController class until a patch is available to prevent arbitrary deletion of menus. Restrict access to the MenuController class to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-38990

Produtos afetados

Jeesite

PT-2023-26719 · Jeesite · Jeesite

CVE-2023-38990

Identificadores relacionados

Produtos afetados

Referências · 5