PT-2025-46827 · Macrozheng · Mall-Swarm+1
Huangweigang · Published 2025-11-13 · Updated 2025-11-25
CVE-2025-13115
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
macrozheng mall-swarm versions up to 1.0.3
macrozheng mall versions up to 1.0.3
Description
A security flaw exists due to improper authorization in the function detail of the Order Details Handler component, triggered by manipulating the orderId argument. This flaw is located in the file '/order/detail/'. The attack can be initiated remotely, and the exploit is publicly available. The vendor was informed of this issue but did not respond.
Recommendations
Versions up to 1.0.3 should be updated.
Improper Authorization
Incorrect Privilege Assignment
Affected Products
Mall
Mall-Swarm