← voltar
CVE-2025-13115

macrozheng mall-swarm/mall Order Details detail improper authorization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-266CWE-285
A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
macrozheng · mallmacrozheng · mall-swarm

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Hwwg/cve/issues/11https://github.com/Hwwg/cve/issues/6https://vuldb.com/?ctiid.332320https://vuldb.com/?id.332320https://vuldb.com/?submit.683222https://vuldb.com/?submit.686528