jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java updateGoods authorization

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java updateGoods authorization
Type cve
Published 2025-07-21T20:02:05.704Z
Modified 2025-07-21T20:02:05.704Z

Product Information

Vendor jerryshensjf
Product JPACookieShop 蛋糕商城JPA版
Version 1.0

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Affected Products

  • jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0

Additional Information

CWE List CWE-639, CWE-285
Source VulDB

Description

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.