3 matches found
CVE-2022-23869
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...
CVE-2022-23869
In RuoYi v4.7.2 WebUI, there is a privilege-check bypass in password reset: user test1 cannot reset test3’s password per permissions, yet the /system/user/resetPwd endpoint can reset test3’s password, enabling unauthorized password-reset actions.
CVE-2022-23869
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...