CNNVD-202508-833 Information

CNNVD ID

CNNVD-202508-833

Related CVE

CVE-2025-8755

• CNNVD Published: 2025-08-09

Description (Chinese)

mall是macro个人开发者的一套电商系统，包括前台商城系统及后台管理系统。 mall 1.0.3及之前版本存在安全漏洞，该漏洞源于文件UmsMemberController.java中参数orderId处理不当，可能导致授权绕过。

Description (English)

Mall is a set of electrician systems for Macro’s personal developers, including the front and back office management systems. Mall 1.0.3 and previous versions contain a security loophole, which stems from the inappropriate handling of the parameter orderId in the UmsMemberController.java, which may lead to the circumvention of the authorization.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-09

Last Modified

2026-02-24

References

https://github.com/N1n3b9S/cve/issues/14 https://vuldb.com/?submit.624046 https://vuldb.com/?id.319253 https://vuldb.com/?ctiid.319253 https://github.com/N1n3b9S/cve/issues/14#issue-3269039303 https://access.redhat.com/security/cve/cve-2025-8755 https://nvd.nist.gov/vuln/detail/CVE-2025-8755