CVE-2025-55741 (CNNVD-202508-2727)
中文标题:
UnoPim 安全漏洞
英文标题:
unopim/unopim allows unauthorized product deletion via mass-delete endpoint
漏洞描述
中文描述:
UnoPim是UnoPim开源的一个基于 Laravel 框架的开源产品信息管理(PIM)系统。 UnoPim 0.3.0及之前版本存在安全漏洞,该漏洞源于绕过访问控制,可能导致未授权删除产品。
英文描述:
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| unopim | unopim | < 0.3.1 | - | - |
cpe:2.3:a:unopim:unopim:<_0.3.1:*:*:*:*:*:*:*
|
| webkul | unopim | * | - | - |
cpe:2.3:a:webkul:unopim:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-55741 |
2025-11-11 15:23:29 | 2025-11-11 07:40:44 |
| NVD | nvd_CVE-2025-55741 |
2025-11-11 15:01:00 | 2025-11-11 07:48:31 |
| CNNVD | cnnvd_CNNVD-202508-2727 |
2025-11-11 15:12:54 | 2025-11-11 08:00:06 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202508-2727
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']