
Aoobooo

#49879 of 53,632
4.9 Total CVSS
Vulnerabilities · 1
PT-2022-10670
4.9
2022-06-30
Myadmin · Myadmin · CVE-2021-37791
**Name of the Vulnerable Software and Affected Versions**

MyAdmin version 1.0

**Description**

The issue is related to an incorrect access control vulnerability in viewing the personal center. This vulnerability is exploited through the "/api/user/userData" endpoint, specifically when the `userCode` is set to `admin`.

**Recommendations**

For MyAdmin version 1.0, as a temporary workaround, consider restricting access to the "/api/user/userData" endpoint until a patch is available. Avoid using the `userCode` parameter with the value `admin` in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.