Lucene search
K

87 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-15186

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS0.00237EPSS
Exploits0References6
CVE
CVE
added 6 days ago12 views

CVE-2026-15186

The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
OSV
OSV
added 6 days ago2 views

CVE-2026-15186 macrozheng mall Portal Endpoint create resource injection

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/06 12:0 a.m.28 views

CVE-2026-5606 PHPGurukul Online Shopping Portal Project Parameter order-details.php sql injection

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the atta...

6.5CVSS0.00255EPSS
Exploits0References5
CVE
CVE
added 2026/04/06 12:0 a.m.15 views

CVE-2026-5606

The CVE-2026-5606 entry describes a SQL injection vulnerability in PHPGurukul Online Shopping Portal Project 2.1, specifically in the Parameter Handler’s unknown function within /order-details.php where the orderid argument is manipulable. The issue can be exploited remotely by an attacker and is...

6.5CVSS6.5AI score0.00255EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30514

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the atta...

6.5CVSS6.5AI score0.00255EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “orderid”...

6.5CVSS6.7AI score0.00255EPSS
Exploits0References5
NVD
NVD
added 2025/12/05 2:15 p.m.5 views

CVE-2025-14085

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...

8.8CVSS0.0035EPSS
Exploits1References4
OSV
OSV
added 2025/12/05 2:2 p.m.5 views

CVE-2025-14085 youlaitech youlai-mall orders improper control of dynamically-identified variables

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...

5.3CVSS6AI score0.0035EPSS
Exploits1References6
CNVD
CNVD
added 2025/11/18 12:0 a.m.4 views

mall-swarm authorization issue vulnerability (CNVD-2026-10877)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...

5.5CVSS5.5AI score0.00296EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/14 4:5 p.m.8 views

CVE-2025-13118

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...

6.5CVSS6.3AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/14 2:59 p.m.8 views

CVE-2025-13117

A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...

5.5CVSS5.4AI score0.00296EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/13 3:30 p.m.6 views

EUVD-2025-169290

A security flaw has been discovered in macrozheng mall-swarm up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack...

5.3CVSS6.2AI score0.00319EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/11/13 3:2 p.m.12 views

CVE-2025-13118 macrozheng mall-swarm paySuccess improper authorization

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...

6.5CVSS0.00232EPSS
Exploits1References6
EUVD
EUVD
added 2025/11/13 3:2 p.m.5 views

EUVD-2025-175308

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...

6.5CVSS6.3AI score0.00232EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/13 3:2 p.m.5 views

CVE-2025-13118 macrozheng mall-swarm paySuccess improper authorization

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...

6.5CVSS6.3AI score0.00232EPSS
Exploits1References6
CVE
CVE
added 2025/11/13 3:2 p.m.19 views

CVE-2025-13118

Summary (CVE-2025-13118): Macrozheng mall-swarm and mall up to 1.0.3 are affected. The paySuccess function in /order/paySuccess is vulnerable to argument tampering of orderID, resulting in improper authorization. The issue is exploitable remotely; exploits are public. Multiple connected sources c...

6.5CVSS6.3AI score0.00232EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2025/11/13 2:32 p.m.3 views

CVE-2025-13117 macrozheng mall-swarm/mall cancelOrder improper authorization

A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...

5.3CVSS5.7AI score0.00296EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/11/13 2:32 p.m.5 views

CVE-2025-13117 macrozheng mall-swarm/mall cancelOrder improper authorization

A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...

5.5CVSS5.4AI score0.00296EPSS
Exploits1References6
CVE
CVE
added 2025/11/13 2:32 p.m.17 views

CVE-2025-13117

CVE-2025-13117 affects macrozheng mall-swarm up to version 1.0.3, targeting the cancelOrder function in /order/cancelOrder. The issue arises from manipulation of the orderId parameter, causing improper authorization. An attacker can trigger this remotely and public exploitation has been disclosed...

5.5CVSS5.4AI score0.00296EPSS
Exploits1References6Affected Software2
Rows per page
Query Builder