Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mercator has a Personal Identifiable Information Leak from Query Executor feature
Vulnerability Description
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` / `select` / `filters` / `traverse` / `output`), translates it into an Eloquent query, and returns results as JSON. The controller method `QueryController::execute()` does not enforce an authorization gate, unlike `store()` and `massDestroy()` in the same controller which are correctly protected. As a result, any authenticated account — including the read-only Auditor role — can query models beyond its intended scope, including the `User` model. Additionally, the `password` column, although declared `$hidden`, is not excluded from filter predicates, which allows it to be used in `LIKE` conditions. The `schema()` and `schemaModel()` endpoints of the same controller are similarly unguarded. The Query Engine is read-only; integrity and availability are not affected. Version 2025.05.19 patches the issue.
CVSS Information
N/A
Vulnerability Type
侵犯隐私
Vulnerability Title
Sourcentis Mercator 信息泄露漏洞
Vulnerability Description
sourcentis mercator是sourcentis公司开源的一款IT资产管理工具。 Sourcentis Mercator 2025.05.19之前版本存在信息泄露漏洞,该漏洞源于查询引擎未强制授权门控,且密码列未被排除在筛选谓词之外,可能导致任何经过身份验证的账户查询超出预期范围的模型(包括User模型)以及使用密码列进行LIKE条件查询。
CVSS Information
N/A
Vulnerability Type
N/A