Arbitrary Menu Deletion Vulnerability in jeesite v1.2.6

Arbitrary Menu Deletion Vulnerability in jeesite v1.2.6

CVE-2023-38990 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.

Learn more about our Web Application Penetration Testing UK.