Описание
A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.3 (включая)
cpe:2.3:a:macrozheng:mall:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00031
Низкий
5.4 Medium
CVSS3
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-266
Связанные уязвимости
CVSS3: 5.4
github
3 месяца назад
A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
EPSS
Процентиль: 9%
0.00031
Низкий
5.4 Medium
CVSS3
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-266