MEDIUM🇵🇱 Wersja polska

CVE-2025-8755

CVSS 5.5v4.0pub. 2025-08-09upd. 2025-09-02

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Macrozheng Mall

    APP
    Macrozheng
    ≤ 1.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-25858CRITICAL9.3PL ✓ten sam produkt

Macrozheng Mall – nieuwierzytelnione przejęcie konta przez ujawnienie OTP

CVE-2025-9514MEDIUM6.3ten sam produkt

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the compone...

CVE-2025-8742MEDIUM6.3ten sam produkt

A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue i...

CVE-2025-15118LOW2.1ten sam produkt

W macrozheng mall do wersji 1.0.3 wykryto lukę bezpieczeństwa dotyczącą nieznanego kodu w pliku /member/addres...

CVE-2025-13443LOW2.1ten sam produkt

W mall macrozheng do wersji 1.0.3 wykryto podatność. Problem dotyczy funkcji delete w pliku /member/readHistor...