PT-2026-27035 · Maccms · Maccms

Huajihd · Published 2026-03-22 · Updated 2026-03-24 · CVE-2026-4563

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MacCMS versions prior to 2025.1000.4052

Description

A weakness exists in MacCMS that allows authorization bypass. This issue affects the order info function within the application/index/controller/User.php file, specifically within the Member Order Detail Interface. Manipulation of the order id argument can lead to unauthorized access. The exploit for this issue has been publicly released and could be used for remote attacks.

Recommendations

Update MacCMS to version 2025.1000.4052 or later. As a temporary workaround, restrict access to the order info function within the application/index/controller/User.php file. Avoid using the order id parameter in the affected interface until the issue is resolved.

Exploit

Fix

IDOR

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-4563

Affected Products

Maccms