CNNVD-202602-1083 Information

CNNVD ID

CNNVD-202602-1083

CVE-2026-25858

  • CNNVD Published: 2026-02-07

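Description (Chinese, translated)

mall is an e-commerce system by the individual developer macro, comprising a storefront mall system and a back-office management system. mall 1.0.3 and earlier versions contain an authorization issue vulnerability. It stems from an authentication flaw in the password reset workflow and may lead to remote account takeover.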

Description (English)

mall is an e-commerce system by the individual developer macro, comprising a storefront mall system and a back-office management system. mall 1.0.3 and earlier versions have an authorization issue vulnerability, which stems from an authentication flaw in the password reset workflow and could lead to remote account takeover.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

Individual developer

Published

2026-02-07

Last Modified

2026-02-24

References

  • https://github.com/macrozheng/mall/issues/946
  • https://www.vulncheck.com/advisories/macrozheng-mall-unauthenticated-password-reset-via-otp-disclosure
  • https://www.macrozheng.com/
  • https://access.redhat.com/security/cve/cve-2026-25858
