@Mr-F0reigner
Last active December 5, 2023 07:28
CVE-2023-47458
CVE-2023-40788
[description]
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to
escalate privileges due to the lack of a permissions control framework.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
https://gitee.com/smallc/SpringBlade
[Affected Product Code Base]
SpringBlade - SpringBlade <= 3.7.0
[Affected Component]
A code audit of the open-source repository found that SpringBlade does not implement a permissions control framework and has insufficient user permission control, leading to privilege escalation vulnerabilities across all functionality.
[Attack Type]
Remote
[Impact Escalation of Privileges]
true
[Attack Vectors]
Privilege escalation is exploited directly by constructing request routes.
[Reference]
http://springblade.com
https://gitee.com/smallc/SpringBlade
[discoverer]
Mr-F0reigner