In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.
https://gist.github.com/Sw3092567023/c420c6a5ee947d72aeab2b3e0ba92a40