macrozheng mall Member Endpoint update improper authorization_CVE-2025-15118

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2025-15118

Source VulDB

Published Dec 28, 2025 at 03:02

Affected Product

Vendor macrozheng

Product mall

Version 1.0.0

Affected Versions macrozheng mall 1.0.0
macrozheng mall 1.0.1
macrozheng mall 1.0.2
macrozheng mall 1.0.3

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.",
    "published": "2025-12-28T03:02:05.540Z",
    "modified": "2025-12-28T03:02:05.540Z",
    "type": "cve",
    "title": "macrozheng mall Member Endpoint update improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338496\nhttps://vuldb.com/?ctiid.338496\nhttps://vuldb.com/?submit.711758\nhttps://github.com/Hwwg/cve/issues/31",
    "id": "CVE-2025-15118",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "macrozheng mall 1.0.0\nmacrozheng mall 1.0.1\nmacrozheng mall 1.0.2\nmacrozheng mall 1.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mall",
    "version": "1.0.0",
    "vendor": "macrozheng",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}