PT-2025-35637 · Unknown · Macrozheng Mall
Ez-Lbz · Published 2025-09-02 · Updated 2025-09-03 · CVE-2025-9836
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
macrozheng mall versions up to 1.0.3
Description
A vulnerability exists in the paySuccess function behind the /order/paySuccess endpoint. Manipulation of the orderId argument can lead to an authorization bypass (an insecure direct object reference: the handler acts on the order named by the caller without verifying that the order belongs to the caller). The exploit has been made public.

Recommendations
Update macrozheng mall to a version newer than 1.0.3.
As a temporary workaround, restrict access to the /order/paySuccess endpoint.
Avoid using the orderId parameter in the paySuccess function until the issue is resolved.

Exploit

Fix

Improper Authorization
IDOR
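The following is an added, framework-free Java illustration of the weakness class recorded above (Improper Authorization / IDOR) and of the fix an order-payment handler needs. It is not code from the macrozheng mall project; the class, method and field names, the sample orders and the status values are all constructed for this example. The vulnerable handler trusts the caller-supplied orderId and marks whichever order it names as paid; the hardened handler loads the order and checks that it belongs to the authenticated member before changing its state.

```java
// Added example, not macrozheng mall code: hypothetical payment-success
// handler showing the IDOR pattern beside its ownership-checked form.
import java.util.HashMap;
import java.util.Map;

public class PaySuccessExample {

    // Order status values (constructed for this example).
    static final int STATUS_UNPAID = 0;
    static final int STATUS_PAID = 1;

    // A toy order record: id, owning member, and payment status.
    static final class Order {
        final long id;
        final long memberId;
        int status;

        Order(long id, long memberId) {
            this.id = id;
            this.memberId = memberId;
            this.status = STATUS_UNPAID;
        }
    }

    // In-memory stand-in for the order table.
    private final Map<Long, Order> orders = new HashMap<>();

    PaySuccessExample() {
        // Constructed sample data: order 1001 belongs to member 7, order 1002 to member 8.
        orders.put(1001L, new Order(1001L, 7L));
        orders.put(1002L, new Order(1002L, 8L));
    }

    // Vulnerable pattern: the handler knows who the caller is (callerMemberId
    // comes from the session) but never checks that orderId belongs to that
    // member, so any logged-in member can mark any order as paid.
    boolean paySuccessVulnerable(long callerMemberId, long orderId) {
        Order order = orders.get(orderId);
        if (order == null) {
            return false;
        }
        order.status = STATUS_PAID; // no ownership check: IDOR
        return true;
    }

    // Hardened pattern: resolve the order, then enforce that the authenticated
    // member owns it. The caller-supplied id is only a lookup key, never a
    // grant of authority over the object it names.
    boolean paySuccessHardened(long callerMemberId, long orderId) {
        Order order = orders.get(orderId);
        if (order == null || order.memberId != callerMemberId) {
            // "Not found" and "not yours" are treated identically so the
            // response does not reveal whether the id exists; the denial is
            // logged so repeated probing of orderId values is detectable.
            System.err.printf("AUTHZ_DENIED member=%d orderId=%d%n", callerMemberId, orderId);
            return false;
        }
        if (order.status != STATUS_UNPAID) {
            return false; // already paid: do not transition twice
        }
        order.status = STATUS_PAID;
        return true;
    }

    public static void main(String[] args) {
        PaySuccessExample app = new PaySuccessExample();
        // Member 7 attempts to act on member 8's order 1002, then on its own order 1001.
        System.out.println("vulnerable, foreign order: " + app.paySuccessVulnerable(7L, 1002L));
        System.out.println("hardened, foreign order:   " + app.paySuccessHardened(7L, 1002L));
        System.out.println("hardened, own order:       " + app.paySuccessHardened(7L, 1001L));
    }
}
```

The ownership check belongs in the service layer that loads the order, so every entry point that takes an orderId (not only paySuccess) gets the same enforcement; restricting the endpoint, as the workaround above suggests, reduces exposure but does not remove the missing check. In a production payment flow the transition to "paid" should also be driven by the payment provider's verified notification rather than by a client request alone.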
Related Identifiers
Affected Products
Macrozheng Mall