Home

Description

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.

PUBLISHED Reserved 2023-07-25 | Published 2023-08-03 | Updated 2024-10-18 | Assigner mitre

References

github.com/thinkgem/jeesite/issues/520

github.com/thinkgem/jeesite/issues/520

cve.org (CVE-2023-38991)

nvd.nist.gov (CVE-2023-38991)

Download JSON