📦 Mall
by Macrozheng
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows unauthenticated attackers to reset passwords for any user account by exploiting a flawed OTP verification process in the password reset workflow. Attackers only need a victim...
This vulnerability allows unauthorized modification of member address data in macrozheng mall versions up to 1.0.3. Attackers can exploit improper authorization in the /member/address/update/ endpoint...
This vulnerability in macrozheng mall allows attackers to bypass access controls and delete user read history records without proper authorization. Remote exploitation is possible, affecting all users...
This vulnerability allows attackers to cancel orders without proper authorization in macrozheng mall-swarm and mall applications. Attackers can exploit this remotely by manipulating the orderId parame...
This vulnerability in macrozheng mall-swarm and mall allows attackers to bypass authorization by manipulating the orderID parameter in the paySuccess function. Remote attackers can exploit this to acc...
This vulnerability allows unauthorized access to order details in macrozheng mall-swarm and mall applications. Attackers can manipulate the orderId parameter to view orders they shouldn't have access ...
This vulnerability allows improper authorization in macrozheng mall-swarm and mall applications up to version 1.0.3. Attackers can manipulate the orderId parameter in the cancelUserOrder function to p...
This vulnerability allows attackers to bypass authorization checks in the cancelOrder function of macrozheng mall. By manipulating the orderId parameter, unauthorized users can cancel orders they shou...
This vulnerability allows remote attackers to bypass authorization in the macrozheng mall e-commerce platform by manipulating the orderId parameter in the paySuccess function. Attackers could potentia...
This vulnerability allows remote attackers to bypass authorization checks in the macrozheng mall e-commerce platform by manipulating the orderId parameter. Attackers could potentially access other use...
This vulnerability in macrozheng mall's JWT Token Handler allows attackers to forge authentication tokens by exploiting the use of a default cryptographic key. Systems running affected versions could ...