exploitDog

CVE-2025-15118

Опубликовано: 28 дек. 2025

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Ссылки

https://github.com/Hwwg/cve/issues/31
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.338496
Permissions Required
VDB Entry
https://vuldb.com/?id.338496
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.711758
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:macrozheng:mall:*:*:*:*:*:*:*:*

Версия до 1.0.3 (включая)

EPSS

Процентиль: 12%

0.0004

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-266

Связанные уязвимости

GHSA-m8rq-9x47-wwr7

CVSS3: 4.3

github

около 1 месяца назад

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

EPSS

Процентиль: 12%

0.0004

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-266