CVE-2025-13114

Name of the Vulnerable Software and Affected Versions macrozheng mall-swarm versions up to 1.0.3

Description A flaw exists in macrozheng mall-swarm that could lead to improper authorization. This issue affects the updateAttr function located in the file /cart/update/attr. The attack can be initiated remotely, and a public exploit is available. The vendor was informed of this issue but did not provide a response.

Recommendations Versions prior to 1.0.3 should be updated. As a temporary workaround, consider restricting access to the /cart/update/attr file to minimize the risk of exploitation.