Affected version
V1.1.2
1. Black box test
Logic vulnerability in System Settings - Role Management - Authorization
In System Settings - Role Management - Authorization, revoke the User Management and Role Management permissions from the role.
In User Management - Add, create a user named test.
Log in as the test user, which now has no User Management or Role Management permission.
Call the add-user API that the admin uses: the request succeeds and the user is added, which shows that the authorization change did not take effect.
Finally, log in as admin again and confirm that the unauthorized user creation succeeded.
2. Code analysis
Revoke the User Management and Role Management permissions in System Settings - Role Management - Authorization.
The code deletes the role's existing authorizations by roleId.
Tracing the database shows no records at this point; this step is where the logic vulnerability lies.
Executing the SQL statement returns the error Duplicate entry '104' for key 'PRIMARY', so the authorization update is never applied. The step is ineffective and this is the logic vulnerability.
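As an added illustration (constructed example, not the project's code), the following shows the two controls this report implies: a role-authorization update that runs in one transaction so a failed insert (such as a duplicate primary key) is raised instead of silently leaving the old grants in place, and a server-side check on the add-user API that denies unless a grant exists. The table and permission names (role_menu, user_role, "user:manage") are assumptions.

```python
import sqlite3

# Constructed schema (assumption, not the project's own): roles map to
# permissions ("menus"), users map to roles, plus a users table.
SCHEMA = """
CREATE TABLE role_menu (id INTEGER PRIMARY KEY, role_id INTEGER NOT NULL,
                        menu_id TEXT NOT NULL, UNIQUE (role_id, menu_id));
CREATE TABLE user_role (user_id TEXT NOT NULL, role_id INTEGER NOT NULL);
CREATE TABLE users (user_id TEXT PRIMARY KEY);
"""

def setup():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample data: role 2 currently holds both permissions.
    conn.executemany("INSERT INTO role_menu (id, role_id, menu_id) VALUES (?, ?, ?)",
                     [(104, 2, "user:manage"), (105, 2, "role:manage")])
    conn.execute("INSERT INTO user_role VALUES ('test', 2)")
    conn.execute("INSERT INTO users VALUES ('test')")
    conn.commit()
    return conn

def update_role_menus(conn, role_id, menu_ids):
    """Replace a role's grants atomically: delete by role_id, then re-insert.
    One transaction: if an insert fails (e.g. a duplicate key) the delete is
    rolled back and the error propagates, so the caller never reports success
    for an authorization change that was not applied."""
    with conn:  # commits on success, rolls back on any exception
        conn.execute("DELETE FROM role_menu WHERE role_id = ?", (role_id,))
        # Let the database assign ids; never reuse fixed primary keys.
        conn.executemany("INSERT INTO role_menu (role_id, menu_id) VALUES (?, ?)",
                         [(role_id, m) for m in menu_ids])

def has_permission(conn, user_id, menu_id):
    """Server-side check against the current mapping: deny unless a grant exists."""
    row = conn.execute(
        "SELECT 1 FROM user_role ur JOIN role_menu rm ON rm.role_id = ur.role_id "
        "WHERE ur.user_id = ? AND rm.menu_id = ? LIMIT 1", (user_id, menu_id)).fetchone()
    return row is not None

def add_user(conn, actor, new_user):
    """The API handler enforces the permission itself; hiding a menu in the UI
    is not a control."""
    if not has_permission(conn, actor, "user:manage"):
        raise PermissionError(f"{actor} may not create users")
    conn.execute("INSERT INTO users VALUES (?)", (new_user,))
    conn.commit()
    return new_user
```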