41 matches found
CVE-2026-7672
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
EUVD-2026-26805
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672
The CVE-2026-7672 vulnerability affects youlaitech youlai-boot (up to version 2.21.1) in the Users Endpoint, specifically the getUserList function in src/main/java/com/youlai/boot/system/controller/UserController.java. The issue arises from manipulation of the argument order, enabling SQL injecti...
CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
youlai-boot 注入漏洞
Youlai-Boot is a permission management system open source by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had a injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...
PT-2026-36642
Name of the Vulnerable Software and Affected Versions youlaitech youlai-boot versions prior to 2.21.2 Description A SQL injection issue exists in the Users Endpoint. The flaw is located in the getUserList function within the src/main/java/com/youlai/boot/system/controller/UserController.java file...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
CVE-2025-66735
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
CVE-2025-66735
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...
CVE-2025-66736
CVE-2025-66736 affects youlai-boot v2.21.1 and is due to an incorrect access control in the importUsers function of SysUserController.java, which does not perform a permission check on the current user. This may allow regular users to import user data into the database, resulting in an authorizat...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
youlai-boot 安全漏洞
youlai-boot is a permission management system open source by China youlaiorg. A security vulnerability exists in youlai-boot version V2.21.1, which stems from the getRoleForm function in SysRoleController.java does not perform permission checking, which may result in non-root users directly...
PT-2025-52688
Name of the Vulnerable Software and Affected Versions youlai-boot version 2.21.1 Description The software contains an authorization bypass due to incorrect access control. The importUsers function within the SysUserController.java component does not verify the permissions of the current user. Thi...
CVE-2025-66735
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...
PT-2025-52687
Name of the Vulnerable Software and Affected Versions youlai-boot version 2.21.1 Description The software contains an incorrect access control issue. The getRoleForm function in SysRoleController.java lacks proper permission checks. This may allow users without root privileges to access root role...