6 matches found
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
CVE-2026-25858 macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
PT-2026-6933
Name of the Vulnerable Software and Affected Versions macrozheng mall versions prior to 1.0.4 Description The software contains an authentication issue in the password reset process. An unauthenticated attacker can reset user account passwords using only a victim’s telephone number. The one-time...
EUVD-2025-24050
Malicious code in bioql PyPI...
CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
PHP Scripts Mall Entrepreneur Job Portal Script Directory Traversal Vulnerability
PHP Scripts Mall Entrepreneur Job Portal Script is a PHP script that allows you to create your own job portal. A directory traversal vulnerability exists in PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1, which can be exploited to achieve directory traversal by directly requesting an image...