Description
A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used.
EPSS: 0.00035 (percentile: 9%, Low)
CVSS3: 4.3 Medium
CVSS2: 4 Medium
Weaknesses
CWE-285
Related vulnerabilities
CVSS3: 4.3
github
about 1 month ago
A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used.