CNNVD-202512-489 Information

CNNVD ID

CNNVD-202512-489

Related CVE

CVE-2025-14016

• CNNVD Published: 2025-12-04

Description (Chinese)

mall-swarm是macro个人开发者的一套微服务商城系统。 mall-swarm 1.0.3及之前版本存在授权问题漏洞，该漏洞源于对文件/member/readHistory/delete中参数ids的错误操作，可能导致授权不当。

Description (English)

Mall-swarm is a micro-service mall system for macro developers. Mall-swarm 1.0.3 and previous versions had a mandate gap, which stemmed from the mishandling of the parameter ids in the document/member/readHistory/delete, which could lead to inappropriate authorization.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2025-12-04

Last Modified

2026-02-24

References

https://github.com/Hwwg/cve/issues/17 https://vuldb.com/?ctiid.334257 https://vuldb.com/?id.334257 https://vuldb.com/?submit.694797