macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization_CVE-2025-8755

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-8755

Source VulDB

Published Aug 9, 2025 at 14:02

Affected Product

Vendor macrozheng

Product mall

Version 1.0.0

Affected Versions macrozheng mall 1.0.0
macrozheng mall 1.0.1
macrozheng mall 1.0.2
macrozheng mall 1.0.3

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-09T14:02:05.525Z",
    "modified": "2025-08-09T14:02:05.525Z",
    "type": "cve",
    "title": "macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319253\nhttps://vuldb.com/?ctiid.319253\nhttps://vuldb.com/?submit.624046\nhttps://github.com/N1n3b9S/cve/issues/14\nhttps://github.com/N1n3b9S/cve/issues/14#issue-3269039303",
    "id": "CVE-2025-8755",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "macrozheng mall 1.0.0\nmacrozheng mall 1.0.1\nmacrozheng mall 1.0.2\nmacrozheng mall 1.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mall",
    "version": "1.0.0",
    "vendor": "macrozheng",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}