CVE-2023-27088

Published: Mar 8, 2023Modified: Mar 5, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.

Affected (1)

Products: Feiqu Opensource Project: Feiqu Opensource

Feiqu Opensource Project

1 product

Feiqu Opensource

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Feiqu Opensource Project Feiqu Opensource	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://github.com/chen87548081/feiqu-opensource/issues/2

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/chen87548081/feiqu-opensource/issues/2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.