Arbitrary Model Deletion Vulnerability in jeesite v1.2.6

Arbitrary Model Deletion Vulnerability in jeesite v1.2.6

CVE-2023-38991 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.

Learn more about our Web Application Penetration Testing UK.