Description
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
- Permissions Required, VDB Entry
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: Version up to 1.0.3 (inclusive)
cpe:2.3:a:macrozheng:mall:*:*:*:*:*:*:*:*
EPSS
0.00042 (Low)
Percentile: 12%
CVSS3: 4.3 Medium
CVSS2: 4 Medium
Weaknesses
CWE-285
CWE-863
Related vulnerabilities
CVSS3: 4.3
github
about 1 month ago
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.