Improper Privilege Management in liukuo362573/yishaadmin


Reported on

Jan 24th 2022


Hi there, there is another improper privilege management in /admin/OrganizationManage/Position/GetFormJson

Proof of Concept

  1. Access the link
  2. See that the page return with position data.


This vulnerability is capable of data exposure.

We are processing your report and will contact the liukuo362573/yishaadmin team within 24 hours. 4 months ago
We have contacted a member of the liukuo362573/yishaadmin team and are waiting to hear back 4 months ago
liukuo362573 validated this vulnerability 4 months ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
liukuo362573 confirmed that a fix has been merged on c5910a 4 months ago
The fix bounty has been dropped
to join this conversation