CVE-2018-19110
The CVE-2018-19110 issue affects tianti 2.3; the skin-management feature allows remote authenticated users to bypass permission checks by directly requesting /tianti-module-admin/user/skin/list, because controller/usercontroller.java maps the /skin/list path to function skinList without an author...