CVE-2025-28399 Information

Description

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.

Reference

https://github.com/20210607/cve_public/blob/main/CVE-2025-28399.md