An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38991.json",
"cna_assigner": "mitre"
}