mogu_blog_v2 <=v5.2 Storage Management Endpoint Broken Access Control

Key Information Extraction Vulnerability Title: moxi159753 mogu_blog_v2 <=v5.2 Broken Access Control / Missing Authorization Vulnerability Description: - Affected Product: mogu_blog_v2, a microservices-based blogging system - Specific Issue: Access control vulnerabilities exist in the storage management endpoints and . The Spring Security configuration allows unauthorized access to endpoints, and the controller methods accept as a client-controlled request parameter without any authentication or authorization checks. - Impact: The service layer directly queries and modifies storage quota records in the database based on the provided value, enabling unauthorized attackers to arbitrarily manipulate the storage quota of any admin account by setting to zero (causing denial of service) or to an extremely large value (enabling unauthorized storage expansion and potential resource exhaustion). This vulnerability completely bypasses storage quota management, potentially leading to service disruption and abuse of business logic. Vulnerability Source: ![](https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-broken_access_control-1/report.md) Submitted By: sh7err04 (UID 92493) Submission Date: 11/10/2025 02:31 PM Review Date: 11/30/2025 08:51 PM Status: Accepted VulDB Entry: 333822 [moxi159753 Mogu Blog v2 up to 5.2 Storage Management Endpoint /storage/ authorization] Score: 20

Goal Reached Thanks to every supporter — we hit 100%!

mogu_blog_v2 <=v5.2 Storage Management Endpoint Broken Access Control