PT-2026-27035 · Maccms · Maccms

Huajihd · Published 2026-03-22 · Updated 2026-03-24 · CVE-2026-4563

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MacCMS versions prior to 2025.1000.4052

Description

A weakness exists in MacCMS that allows authorization bypass. This issue affects the order info function within the application/index/controller/User.php file, specifically within the Member Order Detail Interface. Manipulation of the order id argument can lead to unauthorized access. The exploit for this issue has been publicly released and could be used for remote attacks.

Recommendations

Update MacCMS to version 2025.1000.4052 or later. As a temporary workaround, restrict access to the order info function within the application/index/controller/User.php file. Avoid using the order id parameter in the affected interface until the issue is resolved.

Exploit

Fix

IDOR

Improper Authorization

Weakness Enumeration

Related identifiers

CVE-2026-4563

Affected products

Maccms