tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tianti | Tianti_project | 2.3 (including) | 2.3 (including) |