PT-2026-21248 · Unknown · Detronetdip E-Commerce

Nixon-H

Publicado

2026-02-20

Atualizado

2026-02-26

CVE-2025-15582

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0

Description A security flaw exists in detronetdip E-commerce 1.0.0, specifically within the Delete/Update function of the Product Management Module. Manipulation of the ID argument can lead to authorization bypass. Remote exploitation is possible, and the exploit has been publicly released. The project was notified of the issue but has not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285CWE-639

Identificadores relacionados

CVE-2025-15582

Produtos afetados

Detronetdip E-Commerce

PT-2026-21248 · Unknown · Detronetdip E-Commerce

CVE-2025-15582

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11