32 matches found
CVE-2026-47740
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...
CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...
CVE-2026-4563
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
EUVD-2026-14339
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4563
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
maccms 安全漏洞
MacCMS is a comprehensive and powerful website building system developed under the PHP+MySQL environment by MagicBlack. Versions of MacCMS prior to 2025.1000.4052 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the orderid parameter in the Member Order...
CVE-2026-4563 MacCMS Member Order Detail User.php order_info authorization
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4563 MacCMS Member Order Detail User.php order_info authorization
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4563
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4563
MacCMS (up to 2025.1000.4052) contains a vulnerability in the function order_info within application/index/controller/User.php of the Member Order Detail Interface that allows authorization bypass via manipulation of the order_id parameter. A remote attack is possible, and public exploits exist o...
PT-2026-27035
Name of the Vulnerable Software and Affected Versions MacCMS versions prior to 2025.1000.4052 Description A weakness exists in MacCMS that allows authorization bypass. This issue affects the order info function within the application/index/controller/User.php file, specifically within the Member...
CVE-2026-1733
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...
CVE-2026-1733
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...
CVE-2026-1733
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...
CVE-2026-1733 Zhong Bang CRMEB :uni tidyOrder improper authorization
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...
CVE-2026-1733
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...
CVE-2026-1733 Zhong Bang CRMEB :uni tidyOrder improper authorization
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...
CVE-2026-1733
CVE-2026-1733 affects Zhong Bang CRMEB up to v5.6.3, where in the detail/tidyOrder path (/api/store_integral/order/detail/:uni) an order_id parameter can be manipulated to bypass authorization. The issue is exploitable remotely and a public exploit exists. Red Hat and CVE listings confirm the sam...
PT-2026-5585
Name of the Vulnerable Software and Affected Versions Zhong Bang CRMEB versions prior to 5.6.4 Description A security issue exists in Zhong Bang CRMEB. Improper authorization can occur due to manipulation of the order id argument within the detail/tidyOrder function located in the /api/store...
mall-swarm authorization issue vulnerability (CNVD-2026-10879)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the detail function in file /order/detail, no details of the vulnerability are provided at this time...