6 matches found
mall-swarm authorization issue vulnerability (CNVD-2026-10878)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the improper handling of the orderId parameter in the cancelUserOrder function in the file /order/cancelUserOrder, and no detailed vulnerability details are provided...
EUVD-2025-175322
A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13116 macrozheng mall-swarm/mall cancelUserOrder improper authorization
A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...
CVE-2025-13116
CVE-2025-13116 affects macrozheng mall-swarm and mall up to 1.0.3. The issue is in the function cancelUserOrder in /order/cancelUserOrder, where manipulating the argument orderId can cause improper authorization. Attacks are described as remotely executable and a public exploit exists. Multiple c...
PT-2025-46829
A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-9835
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and m...