Key Vulnerability Information

Vulnerability title: Data Exfiltration via Export Functions Allowing Access to All Users' Private Links
Severity: High (7.1/10)
CVE ID: CVE-2025-62720
Affected versions: < v2.3.1
Patched versions: None

CVSS v4 base metrics

Exploitability Metrics
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User Interaction: None

Vulnerable System Impact Metrics
- Confidentiality: High
- Integrity: None
- Availability: None

Subsequent System Impact Metrics
- Confidentiality: None
- Integrity: None
- Availability: None

Vulnerability Description

Summary

The ExportController class contains export functionality that allows any authenticated user to export the entire database of links from all users, including private links that should only be accessible to their owners. The HTML and CSV export functions retrieve all links without applying any ownership or visibility filtering, effectively bypassing all access controls.

Details

Vulnerable Endpoints:
1. POST /export/html - Exports all links as an HTML file.
2. POST /export/csv - Exports all links as a CSV file.

The vulnerable code is located at .

Proof of Concept

Screenshots demonstrating successful data exfiltration via the export functionality.

Recommendations

Implement proper authorization by filtering exported links to only include those belonging to the authenticated user. Modify both export methods to apply the scope before retrieving links. This scope is already implemented in the application's trait.
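
The recommendation above, modelled as an added example that is not the project's code: an unscoped CSV export next to one that applies an ownership scope first, plus a regression check that lists any rows in an export the requester does not own. All names (`Link`, `owned_by`, `export_csv_vulnerable`, `export_csv_fixed`, `foreign_rows`) and the sample rows are hypothetical and constructed; Python stands in for the application's own language, and the same scope would apply to the HTML export.

```python
import csv
import io
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    id: int
    owner_id: int
    url: str
    is_private: bool

# Constructed sample data: two users, each with one public and one private link.
LINKS = [
    Link(1, 1, "https://example.com/alice-public", False),
    Link(2, 1, "https://example.com/alice-private", True),
    Link(3, 2, "https://example.com/bob-public", False),
    Link(4, 2, "https://example.com/bob-private", True),
]

def owned_by(links, user_id):
    """Ownership scope: only rows that belong to the requesting user."""
    return [link for link in links if link.owner_id == user_id]

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["id", "url", "is_private"])
    for link in rows:
        writer.writerow([link.id, link.url, int(link.is_private)])
    return buf.getvalue()

def export_csv_vulnerable(user_id, links=LINKS):
    # Flaw described in the advisory: the caller is authenticated, but the
    # query is unscoped, so every user's rows end up in the file.
    return to_csv(links)

def export_csv_fixed(user_id, links=LINKS):
    # Recommended fix: apply the ownership scope before retrieving rows.
    return to_csv(owned_by(links, user_id))

def foreign_rows(export_text, user_id, links=LINKS):
    """Regression check: ids present in an export that the user does not own."""
    owned = {link.id for link in links if link.owner_id == user_id}
    reader = csv.DictReader(io.StringIO(export_text))
    return sorted(int(r["id"]) for r in reader if int(r["id"]) not in owned)

if __name__ == "__main__":
    print("unscoped export leaks ids:", foreign_rows(export_csv_vulnerable(1), 1))
    print("scoped export leaks ids:  ", foreign_rows(export_csv_fixed(1), 1))
```

A check like `foreign_rows` belongs in the test suite for every export format, run as a second low-privilege user, so a later refactor that drops the scope fails the build.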