Description
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still usable and can fetch information as if the user were still logged in.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:macrozheng:mall-tiny:1.0.1:*:*:*:*:*:*:*
EPSS
Percentile: 38%
0.00164
Low
7.5 High
CVSS3
Weaknesses
CWE-284
Related vulnerabilities
CVSS3: 7.5
github
about 1 year ago
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still usable and can fetch information as if the user were still logged in.