CNNVD-202512-2736 Information
CNNVD ID
CNNVD-202512-2736
Related CVE
- CNNVD Published: 2025-12-15
Description (Chinese)
Sixun Shanghui Business Management System是中国思迅(Sixun)公司的一个集团商业管理系统。 Sixun Shanghui Business Management System 4.10.24.3版本存在授权问题漏洞,该漏洞源于文件/api/GylOperator/UpdatePasswordBatch存在弱密码恢复问题。
Description (English)
Sixun Shanghui Business Management System is a group business management system of Sixun China. Sixun Shanghui Business Management System version 4.10.24.3 has a mandate gap, which stems from weak password restoration problems in document/api/GylOperator/UpdatePasswordbatch.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
思迅
Published
2025-12-15
Last Modified
2026-02-24
References
https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1 https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1#issue-3688839620 https://vuldb.com/?ctiid.336414 https://vuldb.com/?id.336414 https://vuldb.com/?submit.705601
Share on: