CNNVD-202601-1813 Information

CNNVD ID

CNNVD-202601-1813

CVE-2023-36331

  • CNNVD Published: 2026-01-12

Description

XMall is a distributed e-commerce shopping mall based on an SOA architecture, developed by the individual developer Exrick. xmall version 1.1 contains a security vulnerability that stems from improper access control on the /member/orderList API, which may allow an attacker to access other users' order details at will by manipulating the userId query parameter.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-01-12

Last Modified

2026-02-24

References

https://github.com/Exrick/xmall/issues/100
https://access.redhat.com/security/cve/cve-2023-36331
