CNNVD-202601-799 Information

CNNVD ID

CNNVD-202601-799

Related CVE

CVE-2026-0574

• CNNVD Published: 2026-01-04

Description (Chinese)

warehouse是yeqifu个人开发者的一个基于spring boot的中小型仓库物流管理系统。 warehouse存在授权问题漏洞，该漏洞源于文件warehousesrcmainjavacomyeqifusyscontrollerUserController.java中函数saveUserRole的授权不当，可能导致权限提升。

Description (English)

Warehouse is a small and medium-sized warehouse logistics management system based on spring Boot, which is ayeqifu personal developer. There is a mandate gap in the warehouse, which arises out of the inappropriate authorization of the UserController.java function in document warehousesrcmainjavacomyeqifusyscontroller, which may lead to an increase in privileges.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2026-01-04

Last Modified

2026-02-24

References

https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md#poc https://vuldb.com/?ctiid.339458 https://vuldb.com/?submit.729374 https://vuldb.com/?id.339458 https://access.redhat.com/security/cve/cve-2026-0574