forest 代码注入漏洞

Forest is a modern knowledge community backend project developed by RYMCU. It is implemented using SpringBoot, Shiro, MyBatis, JWT, and Redis. Versions of Forest 0.0.5 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations in the updateUserInfo functio...

EUVD-2023-34641

Malicious code in bioql PyPI...

CVE-2025-2089 StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads ...

PT-2023-22592 · Unknown · Newbee-Mall

Name of the Vulnerable Software and Affected Versions: newbee-mall versions prior to commit 1f2c2dfy Description: The issue is related to insecure permissions in the updateUserInfo function, which allows attackers to obtain user account information. Recommendations: For versions prior to commit...

CVE-2023-30216

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information...