exploitDog

GHSA-7v52-p3w5-3m2m

Опубликовано: 12 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS3: 8.2

Описание

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId.

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId.

Ссылки

EPSS

Процентиль: 10%

0.00035

Низкий

8.2 High

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2023-36331

CVSS3: 8.2

nvd

26 дней назад

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId.

EPSS

Процентиль: 10%

0.00035

Низкий

8.2 High

CVSS3

CVE ID

Дефекты

CWE-639