macrozheng mall-swarm attr updateAttr improper authorization_CVE-2025-13114

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-13114

Source VulDB

Published Nov 13, 2025 at 13:32

Modified Nov 13, 2025 at 13:56

Affected Product

Vendor macrozheng

Product mall-swarm

Version 1.0.0

Affected Versions macrozheng mall-swarm 1.0.0
macrozheng mall-swarm 1.0.1
macrozheng mall-swarm 1.0.2
macrozheng mall-swarm 1.0.3

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-11-13T13:32:06.750Z",
    "modified": "2025-11-13T13:56:17.637Z",
    "type": "cve",
    "title": "macrozheng mall-swarm attr updateAttr improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332319\nhttps://vuldb.com/?ctiid.332319\nhttps://vuldb.com/?submit.683221\nhttps://github.com/Hwwg/cve/issues/5",
    "id": "CVE-2025-13114",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "macrozheng mall-swarm 1.0.0\nmacrozheng mall-swarm 1.0.1\nmacrozheng mall-swarm 1.0.2\nmacrozheng mall-swarm 1.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mall-swarm",
    "version": "1.0.0",
    "vendor": "macrozheng",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}