CNNVD-202507-2814 Information

CNNVD ID

CNNVD-202507-2814

Related CVE

CVE-2025-7938

• CNNVD Published: 2025-07-21

Description (Chinese)

JPACookieShop是Jerryshensjf个人开发者的一款蛋糕商城平台软件。 JPACookieShop 1.0版本存在安全漏洞，该漏洞源于对文件GoodsController.java中函数updateGoods的错误操作导致授权绕过。

Description (English)

JPACookieShop is a cake mall platform for Jerryshensjf’s personal developer. There is a security loophole in JPACookieShop 1.0, which results from an error in the middle of the file GoodsController.java functionupdateGoods leading to the authorization circumvention.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-07-21

Last Modified

2026-02-24

References

https://vuldb.com/?submit.618985 https://vuldb.com/?ctiid.317075 https://vuldb.com/?id.317075 https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md