macrozheng mall cancelUserOrder cancelOrder authorization_CVE-2025-9835

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-9835

Source VulDB

Published Sep 2, 2025 at 21:32

Affected Product

Vendor macrozheng

Product mall

Version 1.0.0

Affected Versions macrozheng mall 1.0.0
macrozheng mall 1.0.1
macrozheng mall 1.0.2
macrozheng mall 1.0.3

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-02T21:32:06.106Z",
    "modified": "2025-09-02T21:32:06.106Z",
    "type": "cve",
    "title": "macrozheng mall cancelUserOrder cancelOrder authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322182\nhttps://vuldb.com/?ctiid.322182\nhttps://vuldb.com/?submit.641729\nhttps://github.com/ez-lbz/poc/issues/46\nhttps://github.com/ez-lbz/poc/issues/46#issue-3354477952",
    "id": "CVE-2025-9835",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "macrozheng mall 1.0.0\nmacrozheng mall 1.0.1\nmacrozheng mall 1.0.2\nmacrozheng mall 1.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mall",
    "version": "1.0.0",
    "vendor": "macrozheng",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}