41 matches found
CVE-2026-7672
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
EUVD-2026-26805
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672
The CVE-2026-7672 vulnerability affects youlaitech youlai-boot (up to version 2.21.1) in the Users Endpoint, specifically the getUserList function in src/main/java/com/youlai/boot/system/controller/UserController.java. The issue arises from manipulation of the argument order, enabling SQL injecti...
CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
PT-2026-36642
Name of the Vulnerable Software and Affected Versions youlaitech youlai-boot versions prior to 2.21.2 Description A SQL injection issue exists in the Users Endpoint. The flaw is located in the getUserList function within the src/main/java/com/youlai/boot/system/controller/UserController.java file...
youlai-boot 注入漏洞
Youlai-Boot is a permission management system open source by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had a injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
CVE-2025-66735
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
CVE-2025-66735
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
CVE-2025-66735
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...
CVE-2025-66736
CVE-2025-66736 affects youlai-boot v2.21.1 and is due to an incorrect access control in the importUsers function of SysUserController.java, which does not perform a permission check on the current user. This may allow regular users to import user data into the database, resulting in an authorizat...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
youlai-boot 安全漏洞
youlai-boot is a permission management system open source by China youlaiorg. A security vulnerability exists in youlai-boot version V2.21.1, which stems from the getRoleForm function in SysRoleController.java does not perform permission checking, which may result in non-root users directly...
youlai-boot 安全漏洞
youlai-boot is a permission management system open source by China youlaiorg. A security vulnerability exists in version V2.21.1 of youlai-boot. The vulnerability stems from the importUsers function in SysUserController.java not checking the current user's identity for permissions, which could le...
CVE-2025-66735
CVE-2025-66735 affects youlai-boot v2.21.1, with an Incorrect Access Control in SysRoleController.getRoleForm. The cited sources (NVD/RedHat/EUVD/CVE listing) state the function does not perform permission checks, potentially allowing non-root users to access root roles. Impact is described as hi...