Description
A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used.
References
- Broken Link
- Broken Link
- Permissions Required, VDB Entry
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: Version up to 1.0.3 (inclusive)
cpe:2.3:a:macrozheng:mall:*:*:*:*:*:*:*:*
EPSS
Percentile: 14%
0.00046
Low
CVSS3: 4.3 Medium
CVSS2: 4 Medium
Weaknesses
CWE-285
Related vulnerabilities
CVSS3: 4.3
github
3 months ago
A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used.