CVE-2025-15582

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0

Description A security flaw exists in detronetdip E-commerce 1.0.0, specifically within the Delete/Update function of the Product Management Module. Manipulation of the ID argument can lead to authorization bypass. Remote exploitation is possible, and the exploit has been publicly released. The project was notified of the issue but has not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-639

Related Identifiers

CVE-2025-15582

Affected Products

Detronetdip E-Commerce

CVE-2025-15582

Weakness Enumeration

Related Identifiers

Affected Products

References · 11