CVE-2021-42337

The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters...

Design/Logic Flaw

The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters...

CVE-2021-42337

CVE-2021-42337 concerns the AIFU cashier management salary query function. A bypass of permission control allows a remote attacker who has obtained general user permission to access account information (excluding passwords) by crafting URL parameters. The issue is described across multiple source...

PT-2021-23580 · Aifu · Aifu

Name of the Vulnerable Software and Affected Versions: AIFU affected versions not specified Description: The issue concerns a bypass of permission control in the AIFU cashier management salary query function. This allows a remote attacker, after obtaining general user permission, to access accoun...